How to receive new token from devise_token_auth?
Question
Hi currently I'm using devise_token_auth gem gem for SPA (single page application). I'm using React-redux in front-end and rails at backend. The authentication would be done by sending token to the server on each request. till this every thing was running smoothly:
Problem statement:
The token has to be stored in the browser which makes my app vulnerable
Solution:
Change token on each request. good enough !!!
Problem statement:
But to receieve a new token I have to send user email-id as well as password. which means these two fields has to be stored somewhere in the browser. is it good practice to store user password in browser ??
Or there exist any better approach to do this.. any ideas ???
1 answers
solution1
2 ACCPTED 2016-12-08 06:44:20
First of all you don't have to worry about receiving new token. devise_token_auth automatically provides you a new token after each validation. See the documentation devise_auth_token token management
For example: If you use this api for token validation /validate_token you have to send uid, client, access_token . Once your token is successfully validated you will receieve a new token in the header, otherwise an error message.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.