Devise VS Devise Token Auth

[changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D

As much as this article is about user authorization, there's something important we need to cover: user authentication. Without it, any authorization policies we try to define later on will be useless. But there is no need to write authentication from scratch. Let's use Devise.

With around 50 new gems released daily, it is common to use trending libraries for managing everyday tasks. You probably use Devise for authentication, Cancan for authorization, Kaminari for pagination, or run tests with Rspec.

Devise is an authentication library built on top of Warden, a Rack-based authentication framework.

devise: An authentication library designed for Rails

I used Devise, this is a Ruby on Rails app

In this article, we will explore how to implement authentication in a Rails 7 application using the popular devise gem. Authentication is a crucial aspect of web development, allowing users to securely access and interact with your application. By following this step-by-step guide, you will learn how to set up devise, configure authentication routes, create user models, and enhance your application with authentication features.

Have a look at the change log for 4.9.0 here where the PR I linked was actually released: https://github.com/heartcombo/devise/blob/main/CHANGELOG.md.

I have a React single page application using React Router that hooks into a Rails 5 API. The Rails application uses devise_token_auth for authentication. I've successfully created an authentication process that stores the user state in a Redux store on the client side.

Did you send an authorization header with your api call? The error is pretty clear — the request is unauthorized. Devise is expecting session cookies, but your api should use tokens. https://github.com/lynndylanhurley/devise_token_auth

I mentioned Identity in my first comment. I've never found it as simple as Devise though - especially in an API only setting.

With Devise there's a third-party Gem you can use called devise_token_auth which deals with everything automatically.

https://github.com/lynndylanhurley/devise_token_auth

redux-token-auth is a great library. What it mainly does is it provides a plug and play auth implementation functionality for ruby on rails based APIs which implement popular devise_token_auth for auth handling.

have you looked at https://github.com/waiting-for-dev/devise-jwt or https://github.com/lynndylanhurley/devise_token_auth

I'd prefer to have a standalone rails API and a react client separately, but that's not mandatory. I discovered a gem called devise_token_auth and it didn't seem to have refresh tokens but it refreshed the tokens on every request anyway so I was pretty happy with it.

As a side note, also check out devise_token_auth here