Devise API authentication

Xiaotian Guo picture Xiaotian Guo · Sep 30, 2011 · Viewed 25.7k times · Source

I am working on a rails web application that also provides JSON based API for mobile devices . mobile clients are expected to first obtain a token with (email/pass), then clients will make subsequential API calls with the token.

I am pretty new to Devise, and I am looking for a Devise API look like authenticate(email, pass) and expect it to return true/false, then based on that I will either create and hand back the token or return a decline message. but seems Devise doesn't provide something like this.

I am aware that Devise 1.3 provides JSON based auth, but that's a bit different from what I need - I need to generate token and handle back to client, then after that auth is done using the token instead.

Can someone please give some pointers?

Answer

Jesse Wolgamott picture Jesse Wolgamott · Sep 30, 2011

There is a devise configuration called :token_authenticatable. So if you add that to the devise method in your "user", then you can authenticate in your API just by calling

"/api/v1/recipes?qs=sweet&auth_token=[@user.auth_token]"

You'll probably want this in your user as well:

before_save :ensure_authentication_token

UPDATE (with API authorization code)

The method you're looking for are:

resource = User.find_for_database_authentication(:login=>params[:user_login][:login])
resource.valid_password?(params[:user_login][:password])

here's my gist with a full scale JSON/API login with devise