我是新手使用gem devise_token_auth并使用移动客户端api,有两个问题:
1)我应该如何识别用户?我目前的理解是在http请求标头集 access_token 这是对的吗?
但似乎源代码我应提供 uid , access_token ,客户端 link
uid = request.headers['did']
@token = request.headers['access-token']
@client_id = request.headers['client']
2)我可以找到如下所示的 user.tokens :
{"AOYZdDmwI7WQr8I6T4PpPw"=>{"token"=>"$2a$10$C/5f3JV7.9DZG8w.ggdCPelB6kzitWuGK4rfozHv15Hhf/x9DaCcO", "expiry"=>1473485374, "last_token"=>"$2a$10$abctsIP5bHPIm2nMXFTUH.1jPWQ5LiGTTrENjoqihWgcCkwRqbxb6", "updated_at"=>"2016-08-27T13:29:34.948+08:00"}}
是client,访问令牌?
谢谢!
答案 0 :(得分:0)
headers = JSON.parse(cookies['authHeaders'])
uid = headers['uid']
token = headers['access-token']
client_id = headers['client']
user = User.find_by_uid(uid)
if !user || !user.valid_token?(token, client_id)
render json: {error: "Usuario no autorizado."}, status: 401
end