Rails Devise and devise_token_auth. Not working alongside

Question

I have a Rails 4.1 Application running with Devise for authentication.

For access via mobile apps i would like to implement token auth with the recommended devise_token_auth gem. I do not use Omniauth

The functionality of the existing app should not be altered.

What i did:

Installed devise_token_auth via gemfile.

Used the generator: rails g devise_token_auth:install User auth

Changed the migration to add the required fields. Migration failed due missing of Omniauth. So i also installed it.

Changed routes.rb

devise_for :users, :skip => [:sessions, :registrations, :omniauth_callbacks]
  as :user do
    get 'register' => 'users/registrations#new', :as => :new_user_registration
    post 'register' => 'users/registrations#create', :as => :user_registration
    get 'sign_in' => 'devise/sessions#new', :as => :new_user_session
    post 'sign_in' => 'devise/sessions#create', :as => :user_session
    delete '/' => 'users/sessions#destroy', :as => :destroy_user_session
  end

added:

namespace :api do
scope :v1 do
  mount_devise_token_auth_for 'User', at: 'auth', skip: [:omniauth_callbacks]
end

end

In User Model i have:

devise :database_authenticatable, :registerable,
     :recoverable, :rememberable, :trackable, :validatable,
     :confirmable, :timeoutable, :lockable
include DeviseTokenAuth::Concerns::User

Now when i try to sign_up a new user it gives me the validation error:

Uid can't be blank

Does someone had the same problem and resolved it?

What i find strange is that it needs to have Omniauth installed.

Update:

I overwrite the Devise registration controller create action:

build_resource(sign_up_params)
 resource.uid = resource.email
 resource.provider = ''

Now when i sign_in i get:

{"errors":["Authorized users only."]}

in Browser.

Answer 1

Adding the following to app/models/user.rb:

before_validation do
  self.uid = email if uid.blank?  
end

did it for me. Also make sure the provider is set to "email" for "provider".

Answer 2

Well I'm currently struggling with the same thing. Trying to add devise_token_auth to Devise, and it is not working so far for me.

As far as this goes, are you talking about "sign_up" for Devise, or devise_token_auth ? If it is for Devise, I supposed setting uid=email before creating the record would solve this.

Answer 3

This error is raised by devise_token_auth, not by devise. So essentially, devise_token_auth is trying to authenticate your normal devise routes the same way it would normally authenticate an api request. Your normal devise routes are authenticating via session, not via token, so you'll get this error:

{"errors":["Authorized users only."]} 

There are a couple of things that could be happening here. First, make sure that you're only looking for token validation on the actions of your API controllers. So make sure that this line is included in your BaseAPIController, and not in your ApplicationController.

include DeviseTokenAuth::Concerns::SetUserByToken

The other possibility is that you have some namespacing issues in your routes.rb. Make sure that you have something like this. You need to have devise_for first, and the token_auth properly namespaced or it will cause validations issues on your other routes.

Rails.application.routes.draw do

  devise_for :admins

  namespace :api do
    scope :v1 do
      mount_devise_token_auth_for 'user', at: 'auth'
    end
  end
end

Good luck!