Comments (7)
At the moment, I used a workaround where I have a different controller which logs in the partner and redirects the partner to the partner show URL. Using the sign_in_token = true
, the acts_as_token_authentication_handler
does not need to be placed on top of the original controller.
It may however still be an interesting use case to allow scoping for this method, so I'll leave this open.
from simple_token_authentication.
Hi @silox, seems you're right about the access denied causes; I'm AFK right
now ; )
from simple_token_authentication.
Hi @silox, I'm sorry I haven't replied to you sooner.
The use case you want to implement is quite complex. In fact, my first idea in such a case would be either to treat "User" and "Partner" as roles with a single User
model, or to implement them as two sub-classes of an unique token authenticatable class (typ. through Single Table Inheriance). In that last implementation, I would probably name their parent class Account
or User
, while the children could be PartnerAccount
/UserAccount
or CustomerPartner
/Customer
... there are a bunch of possibilities depending on your business. I didn't knew about CAS, and I don't know if it can interfere with such a design.
On the other hand, it should be possible to allow passing the only: [:show, :confirm]
option to acts_as_token_authenticatation_handler
. However, since that option won't affect the method itself but authenticate_resource!
, I'm not sure about which syntax could avoid ambiguity.
A third way could be allowing to disable, through an initializer option, the authenticate_resource!
calls. That would delegate to you to call it after each acts_as_authentication_handler
decalaration. I don't like very much this possibility because of the importance of that call (remember the Access Forbidden
is finally ensured by Devise, not by Simple Token Authentication). Yet it could be considered.
from simple_token_authentication.
Hi @silox, taking about making the authenticate_resource!
calls optional, I think the last part of this comment may interest you.
We still would have to define how that would interact with the eventual :only
options, but that may simplify your issue.
Regards!
from simple_token_authentication.
👍
from simple_token_authentication.
Hi, keep an eye on #66.
from simple_token_authentication.
Since v1.5.0 the #66 feature is implemented and examples can be found in the Installation section of the README
file.
from simple_token_authentication.
Related Issues (20)
- Is that gem work with API? HOT 4
- Mongoid does support Rails 6 now/soon HOT 3
- uninitialized constant SimpleTokenAuthentication::Adapters HOT 5
- Gem doesn't protect data?
- separate registration and signin so no token is received by client when registering
- how to auth 2 different models with same alias ?
- acts_as_token_authenticatable causes a DEPRECATION WARNING
- Q: How to do not require user_email? HOT 1
- Getting 401 unauthorized Error
- Where should I store the token on the frontend? HOT 3
- Entering fallback! with token_correct? set to true HOT 1
- 406 Errors on Authentication Test
- The mongoid range of supported versions needs review
- Discussions are set up! HOT 1
- Identify support requests, feature requests in issues and pull requests HOT 1
- Update the contributing guidelines to mention Discussions etc.
- Add (actual) example of maintenance trade-off for discussion HOT 1
- split responsibilities of acts_as_token_authentication_handler_for method HOT 1
- Rails 7 support? HOT 30
- Can we use JWT as a user token?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simple_token_authentication.