Strategy for signing in a user, based on a authenticatable token. This works for both params and http. For the former, all you need to do is to pass the params in the URL:
http://myapp.example.com/?user_token=SECRET
For HTTP, you can pass the token as username and blank password. Since some clients may require a password, you can pass “X” as password and it will simply be ignored.
# File lib/devise/strategies/token_authenticatable.rb, line 17 def authenticate! resource = mapping.to.find_for_token_authentication(authentication_hash) return fail(:invalid_token) unless resource if validate(resource) resource.after_token_authentication success!(resource) end end
# File lib/devise/strategies/token_authenticatable.rb, line 13 def store? super && !mapping.to.skip_session_storage.include?(:token_auth) end