Thanks! devise_token_auth works great for me and I found your other article about testing useful as well.
But :)! What if you do need to store some session data? I'm trying to authenticate with the Discogs API which involves generating a request token, going to their website to authorize, which then redirects you to a callback route on the Rails API. What's the correct way to persist that request token in between those two requests?
Is it bad practice to just store it in a DB column for the user?
Hi! Thanks for reading, and I’m happy to hear it helped 😄
Please take my ideas below with a grain of salt, since I don’t know your specific use case and I haven't used the Discogs API.
generating a request token, going to their website to authorize, which then redirects you to a callback route on the Rails API.
I’m guessing from this description that your app has a browser client? In that case, you should be able to use session storage normally and store it like this: session[:discogs_token] = <the request token>
If you used Rails’s API mode when initializing your project (the --api flag), sessions won’t be available to you by default so it looks like you’ll have to configure a few things: stackoverflow.com/q/15342710/11249670
On the other hand, if you're supposed to store the token for a long time (longer than the session), then storing it in the DB sounds like a good idea.
For example, in a different blog post that I linked below, I talk about refresh tokens, which are supposed to be reused in every session.
In this blog post's case, I store normal access tokens in the session, and refresh tokens in the DB.
Thanks for taking the time to get back to me. My API is consumed by a Vue.js client (using vue-auth). I've tried all the different middlewares and setting api mode to false but always see my session contents emptied.
Ah well! For now I'm saving the request_token in my DB until the callback is called. And yes, the access_token is needed for using the API once authorized.
No problem, sorry I can't be more helpful. If your issue is that you can't use session at all with your configuration (not just for devise_token_auth), it might be a good question for Stack Overflow. Best of luck!
Some comments have been hidden by the post's author - find out more
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thanks! devise_token_auth works great for me and I found your other article about testing useful as well.
But :)! What if you do need to store some session data? I'm trying to authenticate with the Discogs API which involves generating a request token, going to their website to authorize, which then redirects you to a callback route on the Rails API. What's the correct way to persist that request token in between those two requests?
Is it bad practice to just store it in a DB column for the user?
Hi! Thanks for reading, and I’m happy to hear it helped 😄
Please take my ideas below with a grain of salt, since I don’t know your specific use case and I haven't used the Discogs API.
I’m guessing from this description that your app has a browser client? In that case, you should be able to use session storage normally and store it like this:
session[:discogs_token] = <the request token>
If you used Rails’s API mode when initializing your project (the
--api
flag), sessions won’t be available to you by default so it looks like you’ll have to configure a few things: stackoverflow.com/q/15342710/11249670On the other hand, if you're supposed to store the token for a long time (longer than the session), then storing it in the DB sounds like a good idea.
For example, in a different blog post that I linked below, I talk about refresh tokens, which are supposed to be reused in every session.
In this blog post's case, I store normal access tokens in the session, and refresh tokens in the DB.
Beginner’s guide to OAuth: Understanding access tokens and authorization codes using Google API
Risa Fujii ・ Aug 16 '19 ・ 7 min read
Hope this helps somewhat!
Thanks for taking the time to get back to me. My API is consumed by a Vue.js client (using
vue-auth
). I've tried all the different middlewares and setting api mode to false but always see mysession
contents emptied.Ah well! For now I'm saving the request_token in my DB until the callback is called. And yes, the access_token is needed for using the API once authorized.
No problem, sorry I can't be more helpful. If your issue is that you can't use
session
at all with your configuration (not just fordevise_token_auth
), it might be a good question for Stack Overflow. Best of luck!