The TokenAuthenticatable module is responsible for generating an authentication token and validating the authenticity of the same while signing in.
This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following:
before_save :reset_authentication_token
On the other hand, if you want to generate token unless one exists, you should use instead:
before_save :ensure_authentication_token
If you want to delete the token after it is used, you can do so in the #after_token_authentication callback.
TokenAuthenticatable adds the following options to devise_for:
* +token_authentication_key+: Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
Hook called after token authentication.
# File lib/devise/models/token_authenticatable.rb, line 56 def after_token_authentication end
Generate authentication token unless already exists.
# File lib/devise/models/token_authenticatable.rb, line 46 def ensure_authentication_token reset_authentication_token if authentication_token.blank? end
Generate authentication token unless already exists and save the record.
# File lib/devise/models/token_authenticatable.rb, line 51 def ensure_authentication_token! reset_authentication_token! if authentication_token.blank? end
# File lib/devise/models/token_authenticatable.rb, line 59 def expire_auth_token_on_timeout self.class.expire_auth_token_on_timeout end
Generate new authentication token (a.k.a. “single access token”).
# File lib/devise/models/token_authenticatable.rb, line 35 def reset_authentication_token self.authentication_token = self.class.authentication_token end
Generate new authentication token and save the record.
# File lib/devise/models/token_authenticatable.rb, line 40 def reset_authentication_token! reset_authentication_token save(:validate => false) end
# File lib/devise/models/token_authenticatable.rb, line 30 def self.required_fields(klass) [:authentication_token] end