Re: [devise] How to config devise to accept auth token via HTTP header?

Showing 1-6 of 6 messages
Re: [devise] How to config devise to accept auth token via HTTP header? Carlos Antonio da Silva 6/13/12 7:13 PM
Devise does not support this by default (although seems a nice addition :D), but I think you could start by trying a monkey patch to see how it goes.

You'd have to change the source from where Devise finds the token to attempt an authentication:

The authenticate! method in the link above calls authentication_hash, which will make use of the params:

I think that by changing the method in this link, `params_auth_hash`, to return a hash cointaing the token => the value from the header you want, would probably do the job.

-- 
At.
Carlos Antonio

On Wednesday, June 13, 2012 at 4:36 AM, Horace Ho wrote:

Currently, devise is configured to accept token authentication via URL and curl works well:

curl 'http://localhost/index.json?auth_token=TOKENVALUE'

I'd like to pass the TOKENVALUE via HTTP header instead of URL, how can I config devise to get the TOKENVALUE from HTTP header? Such that the following curl requests will also work:

curl 'http://localhost/index.json' -H 'Authorization: Token token="TOKENVALUE"'

Devise settings in user.rb:

devise :token_authenticatable, :database_authenticatable, :registerable, 
:recoverable, :rememberable, :trackable, :validatable


Re: [devise] How to config devise to accept auth token via HTTP header? fs 7/6/12 2:40 AM
Just in case somebody wants to do this, I did the following and it worked. Just put this at the end of config/initializers/devise.rb (or any other initializer):

require 'devise/strategies/token_authenticatable'
module Devise
  module Strategies
    class TokenAuthenticatable < Authenticatable
      def params_auth_hash
        return_params = if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first)
            params[scope]
          else
            params
          end
        token = ActionController::HttpAuthentication::Token.token_and_options(request)
        return_params.merge!(:auth_token => token[0]) if token
        return_params
      end
    end
  end
end

Best regards,
Fabian
Re: [devise] How to config devise to accept auth token via HTTP header? Joe Hankin 9/25/12 11:49 AM
Thank you for this -- works like a charm!

Cheers,

--Joe
Re: [devise] How to config devise to accept auth token via HTTP header? Rob H 4/21/13 7:32 AM
I had a pull request in for the a few weeks ago that was just merged into plataformatec/devise master. The only issue I ran into when upgrading to master branch instead of the gem was that the devise config changed slightly, so you will have to enable the "config.http_authenticatable = true" (or config.http_authenticatable = [:token_auth]") setting in order to have token authentication working properly. 
Re: [devise] How to config devise to accept auth token via HTTP header? Ernest Surudo 6/24/13 5:03 AM
Rob, are you saying that fs' workaround is no longer necessary to get authenticated via an auth header, and is now built into devise? Is there more info on this somewhere?
Re: How to config devise to accept auth token via HTTP header? Joshua Rountree 12/15/14 5:53 AM
Does anyone know if this is still relative to the latest versions of Devise? or has anything changed in this regard?


On Wednesday, June 13, 2012 3:36:40 AM UTC-4, Horace Ho wrote:

Currently, devise is configured to accept token authentication via URL and curl works well:

curl 'http://localhost/index.json?auth_token=TOKENVALUE'

I'd like to pass the TOKENVALUE via HTTP header instead of URL, how can I config devise to get the TOKENVALUE from HTTP header? Such that the following curl requests will also work:

curl 'http://localhost/index.json' -H 'Authorization: Token token="TOKENVALUE"'

Devise settings in user.rb:

devise :token_authenticatable, :database_authenticatable, :registerable, 
:recoverable, :rememberable, :trackable, :validatable