Add config to not create new clients on standard Devise requests #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If `enable_standard_devise_support` is `true`, XHR requests that rely on standard Devise authentication (i.e. a logged in session) seemed to inadvertently create new client instances. This meants if you have a high volume of XHR requests to an ApplicationController that uses devise_token_auth, if those clients don't respect/use the devise_token_auth headers, soon those clients will cause devise_token_auth to rotate out all its tokens, leaving other clients with invalid tokens. This adds a config `standard_devise_dont_create_new_client` that defaults to `false` (previous behavior), but if you want XHR requests using standard Devise to not rotate clients/tokens, setting `standard_devise_dont_create_new_client` will return early, before devise_token_auth gets to the token rotation.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
DO NOT MERGE: Just making a PR so it's easy to see what we've customized.
If
enable_standard_devise_supportistrue, XHR requests that relyon standard Devise authentication (i.e. a logged in session) seemed to
inadvertently create new client instances. This meants if you have a
high volume of XHR requests to an ApplicationController that uses
devise_token_auth, if those clients don't respect/use the
devise_token_auth headers, soon those clients will cause
devise_token_auth to rotate out all its tokens, leaving other clients
with invalid tokens.
This adds a config
standard_devise_dont_create_new_clientthatdefaults to
false(previous behavior), but if you want XHR requestsusing standard Devise to not rotate clients/tokens, setting
standard_devise_dont_create_new_clientwill return early, beforedevise_token_auth gets to the token rotation.