17

I make API in rails. For normal authentication we use devise but in API how to implement devise for authentication.

gem 'devise_token_auth'

Someone prefer this this gem for authentication but there are no tutorial available for that. How to implement authenitication in rails api?

K M Rakibul Islam
  • 33,760
  • 12
  • 89
  • 110
  • 1
    This is question which I post but stack overflow deactivate my account :( –  May 02 '16 at 13:45

4 Answers4

17

Here is a good tutorial on API authentication with devise_token_auth. Also, the devise_token_auth gem's github page seems to have a very good documentation which should help you get started.

If you are looking for a good tutorial to understand the related concepts, here is one that has a thorough walkthrough of creating a Rails API with token-based authentication (Not using devise_token_auth, but useful to understand the concepts).

I also recommend you to take a look at the JWT (JSON Web Token) which works very well with large scale Rails API. Here is another tutorial that explains how to build Rails API Backed With JWT

Anurag Aryan
  • 611
  • 6
  • 16
K M Rakibul Islam
  • 33,760
  • 12
  • 89
  • 110
17

The best thing you can do is to follow the github tutorials which are most likely to be up-to-date.

First you should follow the TLDR part.
Note that the frontend developpers need to know about the usage specification.
Finally you want to go through the documentation. Here are some samples that might help:

Routes

Rails.application.routes.draw do

  # Stuff
  devise_for :admin_users, ActiveAdmin::Devise.config
  ActiveAdmin.routes(self)
  devise_for :users
  root to: "home#index"

  # The API part
  namespace :api, defaults: {format: :json} do
    scope :v1 do
      mount_devise_token_auth_for 'User', at: 'auth', skip: [:omniauth_callbacks]
      resources :stuff, only: [:index, :show]
    end
  end
end

A controller: 

module Api
  class StuffsController < ApiController
    before_action :authenticate_user!
    ...
  end
end

API Controller

class ApiController < ApplicationController
  include DeviseTokenAuth::Concerns::SetUserByToken
end

User model

class User < ActiveRecord::Base
  # Include default devise modules.
  devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable
  include DeviseTokenAuth::Concerns::User
end

Finally don't forget to configure the gem in the corresponding initializer.

rdupz
  • 2,204
  • 2
  • 13
  • 21
4

You can add attributes "authentication_token" to you table and use this gem:

https://github.com/robertomiranda/has_secure_token

in application_controller:

def authenticate_user!
  authenticate_user_from_token!
  super
end


def authenticate_user_from_token!
  User.find_by_authentication_token(user_token)
end

def user_token
  request.headers['X-AUTH-TOKEN'].presence || params['auth_token'].presence
end

Artem Biserov
  • 111
  • 6
  • Your solution absolutely saved me! Just one simple modification, on authenticate_user! I had to modify the return value to authenticate_user_from_token! || super – mike.adc Feb 22 '17 at 06:37
  • It was this very simple and every1 seems referring to more gems. Even devise docs don't simple explain how I can auth myself. Thanks! – thevikas Nov 18 '18 at 14:43
2

In my current project I have implemented simple_token_authentication. It is pretty easy to implement and use as well.

Just add the following to your Gemfile and run bundle install

gem 'simple_token_authentication', '1.12.0'

Rest all of the steps are given in its documentation and pretty easy to follow too.

Jagjot
  • 5,816
  • 2
  • 24
  • 41