I am having a hard time finding a simple tutorial on how to enable single access token authentication using authlogic. There is some documentation but it isn’t very helpful.
I added single_access_token to my db, I added this:
single_access_allowed_request_types :any
to my Session class. but I still don’t understand how a user is authenticated using the credentials param that is passed over every call. My require_authentication before filter does a standard check for current_user like this:
def current_session
return @current_session if @current_session
@current_session = Session.find
end
def current_user
@current_user = current_session && current_session.record
end
But is that enough to work? Does the Session.find method do the magic to log the user is based on my params or do I have to create separate method that actually check if the user_credentials param is there and then find the user based on it and then log that user in. I am confused if I really am “creating” a new session everytime I use a SAT or if I’m just setting current user in a before filter every time an API call is made.
Any help would be amazing! Thanks!
I implemented a single_access_token solution with authlogic and what I had to do was add
single_access_allowed_request_types :allto the UserSession model.Then I added the following to the controller where I wanted to allow single_access_token authentication.
It looks like you’re missing the controller code. So if you had two actions “get_user_info” and “update_user_info” you would add.