如何处理devise_token_auth中的访问令牌

Question

I am trying to create an API for an application (both in Rails), but I have many doubts regarding authentication through an API.

Contextualizing a bit what I'm doing.

• To create the API in Rails I'm using the rails-api and devise_token_auth gems.
• For the application that will consume the API's services I'm using the httparty gem.

Now the question I have is with respect to login, the description in devise_token_auth about the sign_in path is:

Email authentication. Requires email and password as params. This route will return a JSON representation of the User model on successful login along with the access-token and client in the header of the response.

The problem is that I don't know how to handle the access-token , for example, if I execute this:

@result = HTTParty.post('url_of_my_api_on_heroku/auth/sign_in', :body => {"email": "someemail@example.com", "password": "ABCDEFGHI"}.to_json, :headers => { 'Content-Type' => 'application/json' })

On the application that will consume the API's services and I display the value of @result I can see the user data successfully... BUT I don't know how to get the access-token , nor use it .

I need some help, please.

Answer 1

This is how you get the access-token:

@result = HTTParty.post('url_of_my_api_on_heroku/auth/sign_in', :body => {"email": "someemail@example.com", "password": "ABCDEFGHI"}.to_json, :headers => { 'Content-Type' => 'application/json' })

@access_token = @result_login.headers["access-token"]

Now @access_token will have the current value of the access-token .