Devise Resource not Authenticated

Question

Devise Resource not Authenticated

ror-vs opened this issue 2 years ago · comments

I am using devise-jwt gem for token-based authentication for multiple resources. The problem that I am facing is that, even without providing the emails and password for the resource, the resource is logged in without authenticating.

Expected behavior

the resource should be authenticated before login

Actual behavior

the resource is logged in without authentication

In devise.rb initializer I have

in my routes i have

My session controllers for the resources are as follows:

Here is a snap from the login api where password is not provided but it has logged in th client

Marc Busqué · Answer 1 · Wed Apr 13 2022 14:35:38 GMT+0800 (China Standard Time)

Probably related to https://github.com/waiting-for-dev/devise-jwt#session-storage-caveat

Viral Square Dev · Answer 2 · Wed Apr 13 2022 14:51:45 GMT+0800 (China Standard Time)

Probably related to https://github.com/waiting-for-dev/devise-jwt#session-storage-caveat

it worked. Thanks

Viral Square Dev · Answer 3 · Wed Apr 13 2022 16:00:04 GMT+0800 (China Standard Time)

is there a way we can create the custom token for the resources which are not being created from devise?
my test case is I am decoding the info from google token and then saving it backend. is it possible to create a token for it?

Marc Busqué · Answer 4 · Thu Apr 14 2022 20:27:33 GMT+0800 (China Standard Time)

No, this is an extension for Devise. Probably you'll need to manually do something with https://github.com/jwt/ruby-jwt