Add this line to your application's Gemfile:
gem 'devise_token_authenticatable'
For the controllers only, we provide the generator to install the gem.
/!\ Warning, it will override controllers/users/sessions_controller.rb
and controllers/users/registrations_controller.rb
if they exist. /!\
rails g devise_token_authenticatable:initializer
If you don't want to use the generator, you can install the gem manually (see below).
Create an users
directory in your controllers
directory.
In this users
directory, create a sessions
controller.
Override the create
action like this :
class Users::SessionsController < Devise::SessionsController
def create
super do
set_user_access_token!
end
end
end
In the same users
directory than previous, create a registrations
controller.
Update it like this :
class Users::RegistrationsController < Devise::RegistrationsController
prepend_before_action :set_user_access_token!, only: %i[edit update destroy]
end
Use "before_action :token_authenticate_user!" instead of "before_action :authenticate_user!"
In your user
model, add the module :token_authenticatable
next to other devise's modules
Example :
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable and :omniauthable
devise :database_authenticatable, :registerable, :timeoutable,
:recoverable, :rememberable, :trackable, :validatable,
:token_authenticatable
end
You can add uncomment the timeoutable
devise module to set an expiry date to your token.
Choose token's lifetime in devise.rb
config.timeout_in = 30.minutes
The gem is available as open source under the terms of the MIT License.