I want to use devise's tokens to support logging in/out in multiple clients at once. The problem is that today there's only one authentication token per user.
With today's devise i can:
1. Use the same token for all clients.
2. Reset the token on every login (and lose the login on other devices).
What i want i a the ability to create multiple tokens (one for each client). Does devise has that option? Is there any other plugin?
Thanks,
I solved it and wrote my solution in my blog: http://www.refaelos.com/post/20664288136/multiple-token-authentication-with-devise-redis?2c914400
Related
I'm looking for a way to create a api token after registration without session
And I also have a question:
Regular site have session to identify the current user
But in api How can I identify the current user if we do not create for him a session?
I'm having trouble with these questions
The main concept is that in login request you send e-mail and password and you get the token.
In all next request you send always this token (so you know which user makes the request) and for this you also send other data (if they are necessary).
Of course you need to make sure this token is somehow unique so you can now exactly which user is making the request.
You can implement it on your own or you can take advantage on some ready components.
In fact in Laravel 5.2 you have TokenGuard built in so you can create simple token authentication out of the box. You can watch this movie on Laracasts for further details.
You can also use some other packages for example JWT Auth
We are developing an API Rest services layer using Zend Rest Server framework.
The thing is that we would like to implement the login system using tokens but we are not sure how should it work if user do login in from several devices or browsers at a time.
Any suggestions?
Thanks in advance
Basically these could be some basic guidelines:
Make a normal (Form) login
Implement a token based Authentication and Authorization mechanism in paralel with your normal (Form) login
Issue tokens on every unique login, have the tokens expire in say 10-15 minutes (or whatever)
Don't worry about the different devices - all separate logins will have separate PHPSession Ids. But also manage the devices - one unique login == one token. So different simultaneous logins == different tokens. It is worth it to mention that this may not be the exact case for some devices and especially if you're not handling sessions (or and cookies) properly. Apple devices had some problems with this but you should do your own research.
This could be the basis. Extend and re-evaluate this approach. Also keep in mind the difference between Authentication and Authorization - this is very well formulated here.
Also you could implement OAuth as a base for the authentication system.
Can anyone give an example or link to tutorial how can be implemented manual signin for users and get session_id.
I am porting an application from Rails 2 to Rails 3, that used before RestAuthentication. The new app uses devise, and I already managed to fix the sign-in/sign-out for admins. The application has one more model (users) that need to be authenticated.
I need to get session_id in order to pass it in the response, because the client is not browser, but mobile device.
Any links, ideas and examples are welcome. Thanks in advance!
I used token id instead of session id. The token is re-generated each time when the session is expired or user log-outs.
I have a subscription based app, charged on the basis of number of users added.
I want to restrict users to single session.
How to implement it. I am using devise for authentication.
Thanks..
There is a devise extension with session limit support
https://github.com/phatworx/devise_security_extension
I'm starting using Devise in my Rails app, but the Token Authenticatable: signs in a user based on an authentication token (also known as "single access token") module puzzles me.
Is the user authenticated only for his current session? If he uses now the URL containing the token, can he re-use it at a later tine and still have access, or does he get a single access?
Can multiple users be authenticated at the same time, using the same token?
I have searched extensively for a working example; please forgive me if this is explained elsewhere.
Any pointers would be more than welcomed. Thanks for your help.
The short answer is: it's up to you.
This module only provides a few
helpers to help you manage the token,
but it is up to you to choose how to
use it. For example, if you want to
have a new token every time the user
saves his account, you can do the
following:
before_save :reset_authentication_token
On the other hand, if you want to
generate token unless one exists, you
should use instead:
before_save :ensure_authentication_token
If you want to delete the token after
it is used, you can do so in the
after_token_authentication callback.
See the documentation for this model at http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable.