How to Add Token Authentication to a Rails 5 API

My notes on authenticating a Rails 5 API

Setting up

To start, we’ll set up a Rails 5 API-only app and a resource called scripts.

$ rails new token-auth-example --api --database=postgresql
$ rails g scaffold Script name:string
$ rake db:migrate

Setting up devise_token_auth

devise_token_auth helps add “Token based authentication for Rails JSON APIs”.
It’s compatible with token authentication for multiple frontend libraries such as Angular 2, React, and plain jQuery out of the box.

Add devise_token_auth to your Gemfile and run bundle.

Basic setup consists of generating the User model and migrating.
Check out the devise_token_auth and devise readmes for additional setup options.

$ rails g devise_token_auth:install User auth

Before migrating, remove any attributes you don’t need from the User model and migration, e.g. confirmable, omniauthable.

$ rake db:migrate

Since this is an API-only application, there are no views, so we need to tell Devise to use JSON instead of flash messages for errors.
This can be done in config/initializers/devise.rb:

Devise.setup do |config|
  # API-only app: treat JSON as a navigational format so errors are returned as JSON
  config.navigational_formats = [:json]
end

Protecting Controller Actions with Authentication

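Devise offers several ways to protect resources with authentication; we’ll use a before_action.
We’ll protect everything except the index and show actions. Because the filter is written with except:, any action added to the controller later requires authentication unless it is explicitly listed as public.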
app/controllers/scripts_controller.rb

  before_action :authenticate_user!, except: [:index, :show]
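
A client calling the protected actions has to send the token headers devise_token_auth returned at sign-in and keep them current. The class below is an added example, not code from these notes or from the gem: TokenSession and its methods are hypothetical names, and the header names are the ones the gem documents.

```ruby
# Added example, not devise_token_auth's own code. TokenSession is a hypothetical
# helper; the header names are the ones the gem documents.
class TokenSession
  AUTH_KEYS = %w[access-token token-type client expiry uid].freeze

  def initialize
    @credentials = {}
  end

  # Pass every response's headers through here: the gem can rotate the token
  # on each request, so the newest complete set replaces the stored one.
  def update_from(response_headers)
    incoming = normalize(response_headers).slice(*AUTH_KEYS)
    # No usable token in this response (absent or blank): keep the last good set.
    return self if incoming["access-token"].to_s.strip.empty?
    @credentials = incoming
    self
  end

  # `expiry` is a Unix timestamp in seconds.
  def expired?(now: Time.now)
    @credentials["expiry"].to_i <= now.to_i
  end

  def signed_in?(now: Time.now)
    @credentials.key?("access-token") && !expired?(now: now)
  end

  # Headers to attach to a request for a protected action (create, update, destroy).
  def request_headers(now: Time.now)
    raise ArgumentError, "no valid token; sign in again" unless signed_in?(now: now)
    @credentials.dup
  end

  # Keep the token out of logs and exception messages.
  def inspect
    "#<TokenSession uid=#{@credentials['uid'].inspect} access-token=[REDACTED]>"
  end

  private

  # Accepts a plain Hash or Net::HTTPResponse#to_hash (lower-case keys, Array values).
  def normalize(headers)
    headers.each_with_object({}) do |(key, value), out|
      out[key.to_s.downcase] = Array(value).first.to_s
    end
  end
end
```

Call update_from with each response's headers (for example Net::HTTPResponse#to_hash) and merge request_headers into each request for a protected action.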

to be continued…