Skip to content

Latest commit

 

History

History
53 lines (38 loc) · 2.09 KB

model_concerns.md

File metadata and controls

53 lines (38 loc) · 2.09 KB

Model Concerns

DeviseTokenAuth::Concerns::User

Typical use of this gem will not require the use of any of the following model methods. All authentication should be handled invisibly by the controller concerns.

Models that include the DeviseTokenAuth::Concerns::User concern will have access to the following public methods (read the above section for context on token and client):

  • valid_token?: check if an authentication token is valid. Accepts a token and client as arguments. Returns a boolean.

    Example:

    # extract token + client_id from auth header
    client_id = request.headers['client']
    token = request.headers['access-token']
    
    @resource.valid_token?(token, client_id)
  • create_new_auth_token: creates a new auth token with all of the necessary metadata. Accepts client as an optional argument. Will generate a new client if none is provided. Returns the authentication headers that should be sent by the client as an object.

    Example:

    # extract client_id from auth header
    client_id = request.headers['client']
    
    # update token, generate updated auth headers for response
    new_auth_header = @resource.create_new_auth_token(client_id)
    
    # update response with the header that will be required by the next request
    response.headers.merge!(new_auth_header)
  • build_auth_header: generates the auth header that should be sent to the client with the next request. Accepts token and client as arguments. Returns a string.

    Example:

    # create client id and token
    client_id = SecureRandom.urlsafe_base64(nil, false)
    token     = SecureRandom.urlsafe_base64(nil, false)
    
    # store client + token in user's token hash
    @resource.tokens[client_id] = {
      token: BCrypt::Password.create(token),
      expiry: (Time.zone.now + @resource.token_lifespan).to_i
    }
    
    # generate auth headers for response
    new_auth_header = @resource.build_auth_header(token, client_id)
    
    # update response with the header that will be required by the next request
    response.headers.merge!(new_auth_header)