Ethan
Posted on February 5, 2023
Introduction
Hello!
Recently I had to use Rails devise_token_auth at work, so for my future self, and hopefully for you the reader, I will show how you can implement it easily.
First we need to actually create the project.
Initializing The Project
Creating a new project is easy with the rails command:
rails new devise_auth_token
Once the command is finished, enter your newly created project, open up the "Gemfile" and add the following two required gems:
gem "devise"
gem "devise_token_auth"
Save the file and then run the following command to install both of the gems:
bundle install
Next we also need to run the install generators for both gems, which can be done via the following commands:
rails g devise:install
rails g devise_token_auth:install User auth
Finally we need to migrate the database, which can be done via:
rails db:migrate
Done! Next we need to configure the devise plugins.
Configuring Devise
Now that we have installed devise we next need to change some of the settings.
Open up config/initializers/devise_token_auth.rb and add the following line:
config.change_headers_on_each_request = false
Setting this to false keeps the same token headers valid across requests, which is what I have done for testing purposes. If you want the headers to change after every request, set it to "true"; you may want that for added security.
Next open up app/controllers/application_controller.rb and add the following:
protect_from_forgery unless: -> { request.format.json? }
Since we don't use sessions and use our own tokens, we don't really need forgery protection for JSON requests. However, I recommend you don't set the above if you plan on using session management.
Next create a new Controller to test out authentication, this can be done with the following command:
rails g controller game
This should create a new "GameController". Open it up and add the following:
class GameController < ApplicationController
  # Reject any request that does not carry valid access-token, client and uid headers
  before_action :authenticate_user!

  def index
    # Nothing to do here: Rails renders app/views/game/index.html.erb with 200 OK
  end
end
Adding "authenticate_user!" means the user will need to actually sign in before accessing the contents.
Next create a new directory "app/views/game", and create a new "index.html.erb" file in it with the following contents:
<h1>Hello</h1>
Simple I know. Next we need to configure the route to access this which can be done by adding the following to "config/routes.rb":
resources :game, only: [:index]
Make sure to include the "only" option; if you leave it out, Rails will add a bunch of redundant routes to your project, which is not desired.
Done! Now we can finally test it out!
Testing The Implementation
Finally we get to test the implementation!
The following command allows you to register a user:
curl localhost:3000/auth -X POST -d '{"email": "example@example.com", "password": "password", "password_confirmation": "password"}' -H "content-type:application/json"
The next command allows you to sign in as a user and will give you the authentication headers.
curl localhost:3000/auth/sign_in -i -X POST -d '{"email": "example@example.com", "password": "password"}' -H "content-type:application/json"
Finally we can access the Game view via the following command (please note your headers will be different):
curl localhost:3000/game -H "access-token: rvb5ZQTOu8QNv7K9cSGSdA" -H "client: RkgM3tLEWiUOcfwrJWiCSg" -H "uid: example@example.com"
The response should give the HTML file. Also, if you change any of the headers to something incorrect, you should get a 401 "please sign in" response.
Feel free to use this in your project.
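Because the headers differ on every sign-in, copying them by hand from the `curl -i` output gets tedious. The following shell helper is an added example, not part of the original post or of the gem: it extracts the three headers used above from a raw response. The function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract the devise_token_auth headers from a `curl -i` response.

# Constructed sign-in response reusing the post's sample values.
# "Client" is capitalised on purpose: header names are case-insensitive.
SAMPLE_RESPONSE=$(printf '%s\r\n' \
  'HTTP/1.1 200 OK' \
  'Content-Type: application/json; charset=utf-8' \
  'access-token: rvb5ZQTOu8QNv7K9cSGSdA' \
  'Client: RkgM3tLEWiUOcfwrJWiCSg' \
  'uid: example@example.com' \
  '' \
  '{"data":{"email":"example@example.com"}}')

# header_value NAME: read a raw HTTP response on stdin and print the value of
# header NAME, or nothing if it is absent.
header_value() {
  awk -v want="$1" '
    { sub(/\r$/, "") }          # curl -i keeps the CR of each CRLF line ending
    /^$/ { exit }               # a blank line ends the header block
    {
      i = index($0, ":")
      if (i == 0) next          # status line, not a header
      if (tolower(substr($0, 1, i - 1)) != tolower(want)) next
      val = substr($0, i + 1)
      sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      print val
      exit
    }'
}

# auth_header_lines: read a sign-in response on stdin and print one
# "name: value" line per auth header. Fails if one is missing, as it
# would be after a rejected sign-in.
auth_header_lines() {
  response=$(cat)
  for name in access-token client uid; do
    value=$(printf '%s\n' "$response" | header_value "$name")
    if [ -z "$value" ]; then
      echo "sign-in response has no $name header" >&2
      return 1
    fi
    printf '%s: %s\n' "$name" "$value"
  done
}
```

Against the running app, pipe the sign-in command's output into `auth_header_lines > headers.txt` and then call `curl localhost:3000/game -H @headers.txt` (curl 7.55.0 or later). If change_headers_on_each_request is set to true, repeat the extraction on every response, since each one carries new headers.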
Conclusion
Here I have shown how you can implement devise token auth into a new Rails project.
It was a lot easier than I expected, but I decided to write it down for future me and hopefully this post has helped you.
As always you can find the sample code at my Github:
https://github.com/ethand91/Rails-Devise-Auth-Sample
Like my work? I post about a variety of topics; if you would like to see more, please like and follow me.