simple_token_authentication
simple_token_authentication copied to clipboard
gonzalo-bulnes
Use "Authorization" to pass the token
Hello! I'm currently implementing an app with Devise and Simple Token Authentication, but the consumer of my app doesn't want to use custom headers, is it possible to use the mentioned header and to prepend the token with "Token" in order to comply with HTTP simple auth?
Thank you!
Yeah, this is exactly what ember-simple-auth expects to do with the Devise authorizer, presumably because that's the format Devise expected when using token authentication.
Hi @Juanadelacuesta,
For the first part - customizing the header name - you can use the header_names option (docs)
# config/initializers/simple_token_authentication.rb
SimpleTokenAuthentication.configure do |config|
# Configure the name of the HTTP headers watched for authentication (assuming user is the resource).
config.header_names = { user: { authentication_token: 'Authorization' } }
end
However, if what you want to obtain is the following (thank you @ClayShentrup for the reference): Authorization: token="234rtgjneroigne4" email="[email protected]", that won't be enough.
The gem currently doesn't support reading both the token and the identifier (typically email) from the same header. The relevant parts of the code are:
-
for context: the controller code responsible for using the identifier and verifying the token:
SimpleTokenAuthentication::TokenAuthenticationHandler#find_record_from_identifierSimpleTokenAuthentication::TokenAuthenticationHandler#token_correct? -
where the token and identifier are actually retrieved:
SimpleTokenAuthentication::Entity#get_token_from_params_or_headers
Does that answer you question?
Note that this aspect of Simple Token Authentication could be made more flexible with some effort, and I'm not against working towards that if it is useful. Meaning: I'm happy to contribute on a PR, but I would not start that on myself : )
Last but not least, if you find or write an alternative that suits your needs, please add it to this page of the Devise wiki - I've added Tiddle recently, and I think it's a great thing that the page exists.
