Devise: Devise and API only configuration

Created on 31 Dec 2018 · 3 Comments · Source: heartcombo/devise

Hello,

First of all, thank you for the really good job!
I always use the Devise plugin when I need an auth layer in my application.
But in my last few projects I used Rails API-only mode, and I always have the same problems configuring Devise in a "nice" way.

  1. The first thing is routing.
    Maybe there should be some option in the Devise config, like `config.api_only = true`, which would automatically create the correct routes (without view routes).

Now, I must do something like this:

```ruby
devise_for :users, skip: :all

devise_scope :user do
  scope :auth, defaults: { format: :json } do
    post   '/signin',       to: 'sessions#create'
    delete '/signout',      to: 'sessions#destroy'
    post   '/signup',       to: 'registrations#create'
    put    '/account',      to: 'registrations#update'
    delete '/account',      to: 'registrations#destroy'
    put    '/password',     to: 'devise/passwords#update'
    post   '/password',     to: 'devise/passwords#create'
    get    '/confirmation', to: 'devise/confirmations#show'
    post   '/unlock',       to: 'devise/unlocks#create'
    get    '/unlock',       to: 'devise/unlocks#show'
  end
end
```

  2. Default responders:

Currently, I must change my ApplicationController.rb like this:

```ruby
class ApplicationController < ActionController::API
  include ActionController::MimeResponds

  respond_to :json
end
```

I think it should also be in the gem.
And of course `api_only = true` should also disable all flash messages, redirections, etc.

  3. Last thing - JWT authentication.

Most API applications use JWT authentication. I think it would be really good if Devise provided some "right" solution to generate and invalidate JWT tokens. Maybe something like Warden JWT Auth?

Again, thank you, and I wish you all the best.
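
Added example, not part of the issue and not code from Devise or devise-jwt: a minimal HS256 token service in plain Ruby showing what "generate and invalidate" from point 3 involves, namely that sign-out before expiry needs a server-side denylist of `jti` values. `TokenService`, the secret passed to it and the in-memory `Set` are assumptions made for illustration.

```ruby
require "openssl"
require "base64"
require "json"
require "securerandom"
require "set"

# Hypothetical helper for illustration; not part of Devise or devise-jwt.
class TokenService
  def initialize(secret)
    @secret = secret
    @revoked = Set.new # in-memory denylist of jti values (assumption: real apps use shared storage)
  end

  # Issue an HS256 token with a subject, a unique id (jti) and an expiry.
  def issue(user_id, ttl: 900, now: Time.now.to_i)
    body = [{ alg: "HS256", typ: "JWT" }, { sub: user_id, jti: SecureRandom.uuid, exp: now + ttl }]
           .map { |part| b64(JSON.generate(part)) }.join(".")
    "#{body}.#{sign(body)}"
  end

  # Return the claims, or nil when the token is malformed, forged, expired or revoked.
  def verify(token, now: Time.now.to_i)
    header, payload, sig, extra = token.to_s.split(".", -1)
    return nil if sig.nil? || extra
    # The MAC is recomputed with our fixed algorithm; the token's own "alg" is never consulted.
    return nil unless OpenSSL.secure_compare(sign("#{header}.#{payload}"), sig)
    claims = JSON.parse(Base64.urlsafe_decode64(payload))
    return nil if claims["exp"].to_i <= now || @revoked.include?(claims["jti"])
    claims
  rescue JSON::ParserError, ArgumentError
    nil
  end

  # Sign-out: record the jti so the still-unexpired token stops verifying.
  def revoke(token)
    claims = verify(token)
    @revoked << claims["jti"] if claims
    !claims.nil?
  end

  private

  def b64(bytes)
    Base64.urlsafe_encode64(bytes, padding: false)
  end

  def sign(data)
    b64(OpenSSL::HMAC.digest("SHA256", @secret, data))
  end
end
```

The denylist only needs to hold a `jti` until that token's `exp` passes, so entries can be pruned on that schedule.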

All 3 comments

Hello @mits87, thanks for the issue.

Unfortunately, Devise does not support API-only applications out of the box. There are no plans to do so any time soon - the effort would be too big and we can't afford it right now.

I think there are some other gems that you can include together with Devise that would help you with the things you mentioned. I don't know all of them, but I do know of https://github.com/waiting-for-dev/devise-jwt, for example.

Just wanted to share my experience with using JWT for sessions since it was mentioned here. JWT most probably isn't what you want to use. I found this oft cited article to be great advice. As always YMMV but I strongly suggest you read it.

@mits87 I'm curious if you're still using devise for this or if you found a better alternative? I assume what you're doing is setting up a kind of authentication api service and using devise as the backend?
