Skip to content

Latest commit

 

History

History
3232 lines (3028 loc) · 392 KB

CHANGELOG.md

File metadata and controls

3232 lines (3028 loc) · 392 KB

Changelog

v1.2.4 (2024-10-21)

Full Changelog

Closed issues:

  • Different rails versions supported #1622
  • Your application has sessions disabled. To write to the session you must first configure a session store #1616
  • Support Rails 7.1 #1608
  • Demo crash #1410
  • Does DTA support HTTP Only Cookie Refresh tokens along site access tokens? #1371
  • resource_class wrong number of arguments (1 for 0) #268
  • Having both devise and devise_token_auth #120

Merged pull requests:

v1.2.3 (2023-11-13)

Full Changelog

Merged pull requests:

v1.2.2 (2023-06-11)

Full Changelog

Closed issues:

  • keep getting a 401 on overriden create devise #1598
  • Method sign_in called with incorrect paramenters #1585
  • Release latest version, there are too many fixes in the master waiting to be released #1560
  • NoMethodError: undefined method `downcase' for nil:NilClass #1540
  • Confirming an already confirmed user -- still not quite working. #1123
  • Email confirmation route #1110

Merged pull requests:

v1.2.1 (2022-09-10)

Full Changelog

Closed issues:

  • registrations controller. tokens only for authenticated #1553
  • Rails 7 support #1552
  • Not working with any version of Rails 6 and 7 #1551
  • Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes #<Psych::SyntaxError #1548
  • undefined local variable or method `cookies' for #<Api::MesController:0x00007f93aa1cb9f8> #1538
  • Rails 7 support? #1533
  • Request: #1526
  • Rails 7 Issue #1523
  • Bearer Token Usage #1522
  • Got "ActionDispatch::Request::Session::DisabledSessionError" #1521
  • Travis CI migration or alternatives #1518
  • Update dependency to support Rails 7.0.0.rc1 #1515
  • Devise, devise_auth_token and activeadmin with 2 different models - Controller error #1512
  • Paranoid mode still returning a distinguishable 404 responses #1510
  • Invalid client with google-oauth2 #1499
  • Concurrency issue? #1497
  • Doesn't seem to follow Bearer Token authorization spec...? #1487
  • Can we have a new version released? #1483
  • Token invalidation after canceled request by the frontend app #1232
  • FrozenError (can't modify frozen Hash) #1151
  • Password Reset Links Invalidated After Being Clicked #1141
  • Authorization Request Header Field? #902
  • jsonb token #841

Merged pull requests:

v1.2.0 (2021-07-19)

Full Changelog

Implemented enhancements:

Closed issues:

  • DeviseTokenAuth::Errors::InvalidModel #1485
  • How not to update the headers when the api server returns a response with an error status #1476
  • Does not install on Rails 6.1 and Ruby 2.7, fresh install #1475
  • Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated #1474
  • @token not assigned prior to delete/destory #1465
  • Installing devise_token_auth on MacOS, rails conflict #1458
  • Deprecation warning connection_config is deprecated and will be removed from Rails 6.2 when using Rails 6.1 #1451
  • Trying to integrate with devise-multi_email #1421
  • Rails email change not send confirmation emaill #1338

Merged pull requests:

v1.1.5 (2020-12-08)

Full Changelog

Closed issues:

  • Update dependency to support Rails 6.1/6.1.0.rc1 #1443
  • undefined method `tokens' for #<Hash: #1442
  • Wrong tokens after server restarts? #1430
  • ConfirmationsController#show - undefined method `rails51?' for Devise:Module #1429
  • Persisting sessions with Warden #1426
  • Active_Admin and devise_auth_token #1424
  • Rails51? method is dropped from devise gem #1411
  • Rails 6.0.3.1 generate error #1409
  • Does this integrate with devise? #1408
  • Email and Password Can't be blank #1405
  • Release new version? #1403
  • Generator is not compatible with Rails 6 #1400
  • Add some tags to this project? #1399
  • After sign in, any access-token is valid with correct client #1394
  • Gitbook docs table too wide #1383
  • set_request_start overrides token set by earlier current_user call #1370
  • override authenticate_user! error response method #1369
  • Check how long an existing token is going to last #1357
  • Why is Trackable option still active? #1356
  • Force users to reset passwords on the first logins #1354
  • undefined local variable or method `resource_name' #1352
  • Rails 6.1 DEPRECATION WARNING: Uniqueness validator case sensitivity #1345
  • NoMethodError (undefined method `saved_change_to_attribute?' with Mongoid #1335
  • Sessions POST being forwarded to GET and returning 405 #1294
  • How do I obtain a token using omniauth-saml ? #960

Merged pull requests:

v1.1.4 (2020-06-02)

Full Changelog

Closed issues:

  • possible to disable the self-registration endpoint? #1402
  • Axios formatting and Rails controller validation? #1380
  • NoMethodError (undefined method `client' for "<token>":String) #1375
  • mation_instruction #1373
  • Unpermitted parameter :session when signing in using javascript fetch #1361
  • How do i authenticate with graphql-ruby? #1360
  • Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable #1013

Merged pull requests:

v1.1.4 (2020-06-02)

Full Changelog

Closed issues:

  • possible to disable the self-registration endpoint? #1402
  • Axios formatting and Rails controller validation? #1380
  • NoMethodError (undefined method `client' for "<token>":String) #1375
  • mation_instruction #1373
  • Unpermitted parameter :session when signing in using javascript fetch #1361
  • How do i authenticate with graphql-ruby? #1360
  • Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable #1013

Merged pull requests:

Change Log

v1.1.3 (2019-09-26)

Full Changelog

Fixed bugs:

Closed issues:

  • Rails 6.0 #1334
  • CookieOverflow with #1322
  • Confirmations controller route error not found #1316
  • render_create_error not called when no json is provided #929

Merged pull requests:

v1.1.2 (2019-08-24)

Full Changelog

Closed issues:

  • Make compatible with devise 4.7 #1331
  • Error after upgrade to Rails 6.0.0 #1329
  • Documentation link on sidebar is incorrect #1325
  • Unable to create user with mongodb as ORM #1293
  • Missing user credential in confirmation redirect url querystring #1292

Merged pull requests:

v1.1.1 (2019-08-18)

Full Changelog

Closed issues:

  • I'm noticing that validate token requests are taking a long time - is there any way to turn down the cost in bcrypt for devise token auth so that the validate token requests are faster? #1326
  • How do I update a user without a token while using Devise token Auth? #1318
  • How to register with phone number instead of email as default #1313
  • uninitialized constant DeviseTokenAuth::Concerns in development. #1312
  • Change how to update existing user migration #1311
  • Huge performance downgrade from v0.1.43 to v1.1.0 #1301
  • Cant log in - #<NoMethodError: undefined method `current_sign_in_at' for #<User:0x000055e053c79c58>> #1300
  • Generate authorization headers without the need for an email and password. #1298
  • Any way to "become" user? #1291
  • Can't find documentation, can't omniauth login #1290
  • undefined method `tokens' for #<Hash:0x00007fe4698ea648> #1288
  • Possible Phishing Attack Vulnerability #1287
  • Unable to sign_in even if user confirmation is success #1285
  • Changelog? #1275
  • devise_token_auth depends on vulnerable devise version #1273
  • Database index question #1272
  • Reset Password Must Be Done in 5 Seconds #1265
  • How do I use the gem with Mongoid? [ANSWERED] #1263
  • devise_token_auth is not working in rails 6 ruby 2.6 #1259
  • undefined method '[]' for nil:NilClass when confirming email #1224
  • Unable to sign_out a user that is being deleted which causes 404 as devise_token_auth attempts to find to create headers. #1205
  • API Does Not Use Api_Controller #887
  • Use issue for "real" issue with the gem, and stackoverflow for integration problem #756
  • User tokens don't properly deserialize #121

Merged pull requests:

Change Log

v1.1.0 (2019-03-18)

Full Changelog

Implemented enhancements:

  • Mongoid Support #15

Closed issues:

  • Support Devise 4.6 #1270
  • Headers remove token when config token_lifespan #1268
  • Reset Password Flow #1264
  • How to check Client value is expired or not? #1254
  • access to current_user not available #1246
  • subsequents Sign In does not add new tokens and return 401 #1244
  • Could not find generator 'devise_token_auth:install_mongoid' #1239
  • undefined method `authenticate_user!' when User class nested in module #1234
  • I cant acsess to current_user #1231
  • Update token_lifespan in production remove response headers #1227
  • Rename uid field to uuid #1225
  • mysql2 0.4.6 error: use of undeclared identifier 'MYSQL_SECURE_AUTH' #1222
  • POST with JSON Content-Type: application/json not passing parameters #1221
  • Password controller : edit does not use default password reset url ? #1219
  • Mongoid support #1198
  • ensure_pristine_resource error #1135
  • codeclimate-test-reporter soon be deprecated #1080
  • Session Overflow Error #1077

Merged pull requests:

v1.0.0 (2018-10-23)

Full Changelog

Closed issues:

  • If the user is invalid, it doesn't return the tokens in sign in #1160
  • Upgrading Gem versions #1148

Merged pull requests:

v1.0.0rc2 (2018-09-21)

Full Changelog

Closed issues:

  • Is uid mandatory for devise token auth to find current user? #1214
  • Remove uniqueness for email #1213
  • NameError ActiveRecord::AttributeSet after redeploying #1210
  • Token is no longer accepted after some time, only with a new "validate token" request #1204
  • How to share tokens across subdomains using devise-token-auth? #1199
  • 401s after response with new headers fail #1174
  • A few refreshes after login gives me a blank access token and expiry, logging me out #1147
  • Extract Registrations Controller logic out to overrideable methods ??? #1143
  • ConfirmationsController redirection error #1084
  • Where should I store token? #1005
  • devise_token_auth initializer breaks omniauth paths #966
  • default_confirm_success_url fails in initializer #223

Merged pull requests:

v0.2.0 (2018-08-10)

Full Changelog

Merged pull requests:

v1.0.0rc1 (2018-08-10)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • overriding registrations controller with active model serializer. #1194
  • NameError (undefined local variable or method `provider' for #<User:0x00000005bacd18>): #1187
  • The email_required? method is not working #1186
  • Forgotten log files on the dummy test folder - More than a hundred megabytes #1185
  • undefined method `create_token' for #<User:0x00007f8fa9a25900> Did you mean? created_at #1179
  • Unpermitted parameter: :registration #1178
  • Remove Password Validation #1177
  • Devise Token Auth Postman configuration #1173
  • Set default provider as "username" instead of "email" #1172
  • How to implement 2FA? #1171
  • Skip email confirmation #1170
  • Multiples Profiles Relationship #1168
  • request.headers.merge is not work. #1167
  • How to add another parameter to validate a user? #1162
  • Getting undefined method make\_response! for overridden Devise controller class #1158
  • cant sigh_in on my custom controller #1150
  • Mocha/minitest issue in test_helper.rb #1149
  • How could send the access-token and other credentials ? #1146
  • How to override concern #1145
  • Support for find_for_database_authentication #1138
  • Breaking tests / travis builds - Mocha gem was updated. #1137
  • How solve undefined method `allow_password_change' while changing user password ? #1136
  • Email case_insensitive with soulda matchers #1133
  • Clear ActiveRecord::AttributeMethods::Dirty Deprecated Methods #1131
  • Password/Edit route not working #1127
  • Automatic Login after successful email confirmation #1122
  • Clarification on OAuth Flow #1118
  • New Bounty: $100 for README Edits/Improvements, issue queue cleanup #1114
  • Tests on token expiry fail when they're run on the WET time zone #1112
  • uid is blank upon basic rails 5 api setup, user registration #1111
  • v0.1.43 causes Missing confirm_success_url parameter error #1108
  • max_number_of_devices config seems doesn't work! #1107
  • LoadError: cannot load such file -- omniauth #1105
  • Token is not generated when login through facebook #1099
  • Why does update_auth_header need to query the resource for tokens again? #1097
  • "an error ocurred" when receiving the callback from google #1090
  • devise omniauth redirect issue after installing devise_token_auth #1088
  • Simplify the Readme. #1069
  • Different max_number_of_devices based on devise model #1003
  • Action Cable and devise token auth #986
  • Cut a release #972
  • minor error in README with regard to usage alongside Devise #745
  • E-mail confirmations sent twice (duplicate emails) #677
  • Reset Password doesn't getting expired.. #672
  • What's the reset password flow? #604
  • Dynamic token lifespan based on user input #580
  • How to test user authenticated methods via rspec #455
  • Testing with rspec #75

Merged pull requests:

v0.1.43 (2018-03-07)

Full Changelog

Closed issues:

  • Problems with devise version #1102
  • user_signed_in? is false after successful sign in #1101
  • Basic Example with Postman? #1094
  • No create in confirmations controller? #1093
  • Does it works with Sequel? #1092
  • Can't add field for unique validation #1089
  • No access_token through api when signing in by finding user. #1087
  • Password Reset Link params without POST /password #1070
  • Confirmable should not be dependant on trackable #1065
  • NoMethodError: undefined method `provider' for #<User #1063
  • Log my user via token and session to share login over 2 app #1062
  • Error ActionController::RoutingError: No route matches [GET] "/omniauth/pincode" #1058
  • Support Devise 4.4.0 & Ruby 2.5.0 #1057
  • Missing acces-token in Response Header #1053
  • #<IndexError: string not matched> after second sign_in request with postgres #1052
  • Manual Authentication and Registration #1051
  • I can not insert name when registering user #1048
  • NoMethodError: undefined method 'allow_password_change=' #1046
  • Confirmation flow #1045
  • undefined local variable or method `flash' for #<Devise::UnlocksController #1043
  • Easily saving access_token in User model for later 3rd party API access #1041
  • Error with mailer_sender #1037
  • NoMethodError (undefined method `valid_token?' for nil:NilClass) #1035
  • Ukrainian localization #1022
  • [WORKING] Instructions for Rails 5 API and Google OAuth2 #1020
  • Reset Password Tokens No Longer Expire #1008
  • Password Reset: Is it possible to disable returning 404 when user is not found? #987
  • Fix Warnings in Test Suite Output #976
  • error in sessions_controller.rb:42 - on sign_in after application restart #941
  • Working example with omniauth? #937
  • Duplicate error messages #892
  • Redirects to https domains break in 1.40 #832
  • Remove "AND provider='email'" from SQL when login #266
  • Using Google's Authenticator 2FA Mobile app #172
  • is devise_invitable supported? (solvable with workaround) #155
  • current_user and authenticate_user! returns false #74

Merged pull requests:

v0.1.43.beta1 (2017-11-13)

Full Changelog

Closed issues:

  • Return a authentication token #1015
  • API is not using defined ApiController but rather ApplicationController #1014
  • TypeError (can't dump hash with default proc) #1012
  • Namespaces and overriding default mailer templates #1011
  • Cant login after signing in via oauth #1010
  • Omniauth with devise token auth #1007
  • Not returning headers on error #1002
  • Hardcoded resource.provider in RegistrationsController? #997
  • Confirmation URL query parameters don't match header counterparts #993
  • Gem clashing #991
  • Sign in, Sign out not working #982
  • access token always expires in one minute #980
  • How to customize Omniauth payload #974
  • How do Create user's roles. #963
  • Why does a confirm_success_url column appear in some of the test migrations? #959
  • Readme "Usage TL;DR" section - add confirm_success_url to required params? #955
  • ar #954
  • how to get first name and last name of user #953
  • Model for nested attributes not being saved #952
  • Can not have multiple model #950
  • NoMethodError when current_user is called #947
  • How to manually send the confirmation email (e.g. after User.create in Rails console)? #946
  • Make DeviseAuthToken inherits my API base Controller? #945
  • Missing auth headers in response to validate_token #944
  • tokens_match? issue #942
  • Not send email notification when email changed ? #940
  • Token generation fails when user has incomplete data that is mandatory #938
  • Is there a way to prevent persisting the same token to user table when in batch mode? #934
  • Token expires too soon #933
  • Seeing other users data on logout and login #932
  • token authentication not working on production #931
  • Getting 'uninitialized constant ActionDispatch::Routing::Mapper::Scope (NameError)' with rails 3 #930
  • How do I include User relationships to response after authenticate #928
  • Can't unlock account through email link in lockable #927
  • accidental issue #926
  • Can't verify CSRF token authenticity on PUT request only #924
  • Reset password url no host #923
  • In batch mode tokens are unnecessarily stored for every request although unchanged #922
  • current_user not available during authorization #921
  • Resend confirmation email #920
  • Change Authentication Keys #919
  • Devise Set User By Token Is Clashing with Normal Devise Helpers #917
  • XSS (javascript execution vulnerability) #916
  • Using the Generator Without Capitalizing Model Name #912
  • undefined method `authenticate_user!' when want to version my api #908
  • RuntimeError in DeviseTokenAuth::OmniauthCallbacksController#omniauth_success on google_oauth2 login #907
  • JSON API status? #906
  • Filter chain halted as :authenticate_user! rendered or redirected #905
  • Completed 422 Unprocessable Entity [Rails 5 API only, React with J-Toker] #904
  • API authentication. Method not allowed 405. Use POST /sign_in to sign in. GET is not supported. #900
  • validate_token Works but nothing else... #899
  • OAuth failure callback error with Google provider #898
  • Registration Name attribute is not stored #897
  • The action 'edit' could not be found for DeviseTokenAuth::RegistrationsController #896
  • Change provider when sessions controller #893
  • Overriding render_create_success does not obey serializer option (AMS) #890
  • How can i get access-token with omniauth on React Native app #889
  • Forgot Password flow with JSON responses #888
  • unknown attribute 'expiry' for User. #886
  • Email Regex causing Issue - not synced with Devise email RegEx #885
  • undefined method `[]=' for nil:NilClass due to missing client_id #881
  • Return parent with sign in data? #880
  • json-hyper-schema for devise_token_auth #879
  • validate_token works on local web server, but not remote? #873
  • getting random "Authorized users only." when uploading multiple files at once. #862
  • Caching causing an issue #861
  • How to authenticate user using username using this gem ? #859
  • Segmentation Fault is raising while trying to send emails. #857
  • How to Restrict Access to a Single Client? #854
  • NoMethodError (undefined method `new_session_path' for #<Devise::OmniauthCallbacksController:0x0000000630f628>) #853
  • Token based authentication with LDAP only #850
  • Insecure session created with reset password link #848
  • Swagger / Yard Docs #846
  • NoMethodError: undefined method `[]=' for nil:NilClass in unit test #839
  • No resource_class found #838
  • How to Custom Mailer ? #837
  • Password gets updated but current password is still invalid. #836
  • CookieOverflow on namespaced controllers #835
  • no registration routes when used with devise #834
  • Incompatibility with shoulda in email uniqueness #833
  • No HTML for omniauth_external_window view in Rails 5 API #830
  • DeviseTokenAuth::TokenValidationsController#validate_token returns 401 unauthorized. #829
  • Console warning #828
  • omniauth-facebook authentication with an Angular 2 front end application. #827
  • uid is similar to email #825
  • Use POST to sign in. GET is not supported. #823
  • Invalid login credentials. Please try again. #822
  • Devise redirecting Web request to the Token JSON API #821
  • Wrong model mapped for token_validation #820
  • Banning a user #817
  • Sometimes very frequently, sometimes very randomly - 401 Unauthorized. #813
  • The confirmation email is not send with the standard devise support #812
  • Securing headers on client side #809
  • Impersonate user #802
  • Can't use JBuilder templates when overriding rendering methods #801
  • I18n broken (e.g. :already_in_use) #799
  • very unstable gem full of bugs !! #795
  • CORS answers 404 always #794
  • Authorized Users Only on iOS client #792
  • user_signed_in? doesn't returning access_token after few continuous call to it !!! #791
  • 302 found when I try to redirect to "/devise_token_auth/sessions#create" #790
  • Initializer default_password_reset_url not working. #789
  • Gem querying database twice for authenticating user #788
  • No authentication headers when using Single Table Inheritance on my User model #783
  • Can't migrate database after 'rails g devise_token_auth:install User auth' #781
  • Diferent tokens from devise and devise_token_auth some times get in conflict... #780
  • LinkedIn SignIn #778
  • Rails engine (api only) - undefined method `mount_devise_token_auth_for' for #<ActionDispatch::Routing::Mapper: #777
  • multiple congratulation emails #774
  • Set up a new API application controller not working? #773
  • Explicitly do not invalidate token #772
  • Prevent user from sharing account #770
  • I'am not able to serialize user #769
  • Could not find generator 'devise_token_auth:install' #768
  • Soft deletion #766
  • QUESTION: tokens field in database #763
  • Current user from channel. #760
  • devise_token_auth with LDAP? #759
  • Passing block to for strong parameters breaks code #758
  • API authentication: Use POST /sign_in to sign in. GET is not supported. #754
  • Integration help #753
  • undefined method `tokens' upon signing up #752
  • resource name for scoped mounting #748
  • Signing in with Mongoid 6 + Rails 5 causes AuthenticationError #742
  • Multiple user registration with multiple providers #740
  • Headers not sent on GET request #739
  • Best practice for using virtual attributes #738
  • E-mail update is enabled by default #736
  • Limit formats allowed to make requests #735
  • Error in password reset. Password not changed, even though edit returns 200 #732
  • Using devise_async and sidekiq to send emails asynchronously #727
  • Separate Devise Token Auth configuration per model #725
  • No token on response header #721
  • Massive Cookie Size Leads to Errors #718
  • 401 on sign_in #717
  • Unable to reconfirm a users email #716
  • Which is client and access_token #714
  • Sign_in custom method: how? #711
  • define_helpers not called at rails launch #708
  • Always Set Headers in Batch Mode #702
  • Use with existing User model #701
  • The inactive_message and active_for_authentication #695
  • Reset password link not working for the second time #691
  • How to properly set headers in order to use current_user, authenticate_user! etc methods? #690
  • Sign Up Permitted Parameters gets Passed but Never saves succesfully to Database #688
  • Live Demo on heroku crashes #687
  • Ruby on rails devise_token_auth gem unable to find routes #686
  • undefined method `[]' for nil:NilClass during omniauth callback #682
  • client_id resets to default after session_controller#create #680
  • "Unpermitted parameter: session" issues when action_controller.action_on_unpermitted_parameters is :raise #676
  • Rails 5 + mongoid + devise_token_auth - undefined method `add_mongoid_support=' for DeviseTokenAuth:Module (NoMethodError) #675
  • 0.1.36 to 0.1.37 Breaks Test Suite #670
  • Why NOT 'email_required?' is considered? #668
  • make a separate Apicontroller from Applicationcontroller #667
  • Devise Omniauth and DeviseTokenAuth Omniauth #666
  • Seperate view files for different models. #664
  • Password Reset Link doesn't work #658
  • [Question] Using in mobile apps (pass reset/libs for major OSes)? #657
  • confrimable registration token expire #655
  • Get extra from omniauth-facebook. #647
  • Ability to change email? #646
  • headers_names is not defined in 0.1.37 #645
  • Oauth2 - Android Authentication - one-time-code flow #639
  • make use of max_number_of_devices on sign_in #637
  • is possible to use provider and uid columns on the authentications table? #633
  • undefined method 'render' at devise_token_auth/controllers/helpers.rb #630
  • Override default routes #628
  • user_signed_in? VS user.signedIn ? #623
  • Retrieve from (local) cache first? #622
  • Update Gem (RubyGem) Not issue #621
  • Email uniqueness on both email and oauth provider #617
  • ArgumentError (wrong number of arguments (given 1, expected 0)) #616
  • exclude devise validatable module? #613
  • Devise omniauth_path_prefix overriden #610
  • Override devise token auth response #609
  • Previous authentication params remain in url after sign out when using OAuth #605
  • Problem with auth headers and multiple models #602
  • Re-written URL with token does not work with Angular default routing #599
  • Rails 5 - Missing template devise_token_auth/registrations/create #598
  • REST routes #595
  • Multiple providers per user #594
  • MongoDB #593
  • Problem with CORS setup and exposing special headers #591
  • Password reset allows user to bypass confirmable #590
  • empty request.env['omniauth.params'] causes exception #586
  • Getting Error: 'No connection pool for ActiveRecord::Base' when generating the devise_token_auth generator inside an Rails Engine #584
  • Preventing creation of users in an oauth scenario #583
  • Extend token lifespan on use? #573
  • Unable to sign in using LinkedIn #572
  • Cannot use rake with mount_devise_token_auth_for in routes.rb #570
  • Provide configuration for token hashing algorithm #560
  • Using devise_token_auth with devise for one method #559
  • omiauth-google #558
  • Use devise_token_auth with facebook iOS login SDK #556
  • omniauth-facebook login #555
  • ActionController::RoutingError (No route matches [POST] "/omniauth/steam/callback") #554
  • get Authorized users only when use devise with devise_token_auth #553
  • Models other than User not returning auth headers after each request #552
  • Cannot get ng-token-auth, devise-token-auth and Rails to work for facebook login #551
  • Yielding Resource to Overriding Controller #548
  • Confirmation controller does not response with JSON #546
  • message['redirect-url'] in the reset password email is not set automatically. #545
  • Failed migration: how to handle existing user db #544
  • set a no reply email adresse #542
  • check if user confirmed is account #539
  • support for multiple client_id #535
  • Cut some actions? #534
  • Getting issues with api authentication #529
  • Error: unknown attribute 'current_password' for User when updating a password #524
  • Error Response as HTML #522
  • render_create_success should return 201 code not 200? #516
  • RuntimeError (can't modify frozen Hash) #515
  • tokens not being serialized! #495
  • Sign in from controller #494
  • Unpermitted Parameters: confirm_success_url, config_name, registration #489
  • Bundler could not find compatible versions for gem "rails": #488
  • Does anyone try to link current omniauth account to devise-token-auth account? #487
  • I want to use a different column for provider instead of defalut "email" #485
  • @resource.allow_password_change is not persisted across requests #481
  • Would like to know is there any missing for i18n translation file? #479
  • Unpermitted paramter: session (401 Unauthorized) for only one particluar user #477
  • Reading logged user in constraint #475
  • devise_token_auth is being called when it shouldn't #473
  • Unable to override sessions controller #471
  • Support Devise Strong Parameters by Block #464
  • How to make http header still available when return to oauth call back #461
  • skip: [:omniauth_callbacks] doesn't work in v0.1.37.beta3 #460
  • This gem change default omniauth path? #459
  • Rails 5 compatible? #458
  • Null email causes NoMethodError (undefined method `downcase!' for nil:NilClass) #457
  • Cannot send confirmation email when using alongside with standard devise #456
  • cancancan: load_and_authorize_resources causes method_missing failure #452
  • example app for api #451
  • is session store necessary? #449
  • HTTP Headers not being sent when using as an API from an Android Phone #448
  • Is it possible to pass token via json? #447
  • NoMethodError (undefined method enable\_standard\_devise\_support' for DeviseTokenAuth:Module\): app/controllers/devise\_token\_auth/concerns/set\_user\_by\_token.rb:35:in set_user_by_token' #437
  • duplicate method - resource_class #433
  • Unpermitted parameter errors #432
  • redirect_uri_mismatch after update from 0.1.34 to 0.1.37 #420
  • password_confirmation not actually required #419
  • Why should I use .to_json to get the right json object and not an array? #400
  • Errors after removing confirmable #397
  • Add JSON API (v1.0) compliant API option #396
  • NoMethodError in DeviseTokenAuth::SessionsController#create #394
  • Add better uid + provider unique support #392
  • Unable to Logout after sign up and/or sign in #391
  • Cohabitation with doorkeeper #389
  • React native signup/login using Facebook SDK #385
  • when does tokens field get cleared #372
  • Passing access_token after signup #366
  • 'no implicit conversion of Hash into String (TypeError)' on Travis CI #365
  • discrepancy between registration events #364
  • Block isn't called in super do |resource| override. #363
  • Auth header is not being set in sign up when using confirmable with allowed unconfirmed access #361
  • Spontaneous log out from app (presumably because of batch requests) #359
  • github provider callback url (?auth_token) #354
  • Is it possible to authenticate_user! without failing the filter chain? #353
  • Support for Lockable and Timeoutable when using Devise and DeviseTokenAuth #346
  • Official support and documentation on how to use alongside Devise for APIs #345
  • permitted parameters not working as expected #344
  • Using devise and devise_token_auth side by side #343
  • Multiple Devise Models. One using token #342
  • ArgumentError in DeviseTokenAuth::ConfirmationsController#show #339
  • Issue with audited-activerecord #338
  • Ember Simple Auth #334
  • group authentication not redirecting #332
  • Getting `table_exists?' error when using devise_token_auth with Mongoid #325
  • Can't authorize (user_signed_in? always show false) #316
  • Devise Email Validation #314
  • Android native - Unpredictable 401 #313
  • How to skip confirmation on register but possibility to ask later #303
  • User with multiple providers gets invalid login credential except the latest provider he/she registered. #298
  • Conder making view helpers available in token_validations_controller #292
  • Using alongside "normal" rails app #290
  • Reset password error. #284
  • Configured verbatim, devise_token_auth receives this error google only #282
  • Facebook Auth isn't working for Google Chrome users that have Data Compression set to on #279
  • Used alongside standard Devise broke the Devise mail confirmation #265
  • How To Handle Guest Account #264
  • confirmable feature bugs? #263
  • helper methods don't work #258
  • reset password link is not getting to redirection #247
  • Should a 404 reset tokens? #244
  • Devise.secret_key was not set. Please add the following to your Devise initializer #235
  • Expected params don't match Devise itself #233
  • Namespaced Models #228
  • Can't verify CSRF token authenticity #227
  • Error on OmniauthCallbacksController#omniauth_success #222
  • undefined method `authenticate_user!' #219
  • The omniauth implementation on this gem use redirection. We need to get around these. #216
  • Which software did you use to create the workflow ? #215
  • AbstractController::ActionNotFound (The action 'new' could not be found for DeviseTokenAuth::RegistrationsController): #212
  • Oauth broken when attributes have a new line #211
  • No route matches [GET] "/omniauth/sign_in" #199
  • I have a rails backend rendered app (erb). Can I switch to devise token auth? #196
  • authentication via phone # #194
  • Cannot use this gem alongside Devise #192
  • Some headers without "access-token" (and friends) while testing with Rspec #188
  • AbstractController::ActionNotFound with Controller Override #185
  • Best way to set up migration for installation on existing User table already using Devise? #181
  • Architecture Q: Why did you not use Warden? #180
  • NoMethodError (undefined method `[]=' for nil:NilClass) #178
  • Sign_in / Sign_up via token_auth and via session #168
  • Facebook login - Redirect issue #166
  • expired confirmation & reset link #164
  • Storing token in Redis? #163
  • list with http response codes #157
  • Trouble accessing provider auth key and secret #153
  • Omniauth: New user or not ? #151
  • Forcing SSL for DeviseTokenAuth causes error 'new' could not be found #141
  • NoMethodError (undefined method `name' for nil:NilClass) - devise_controller.rb:22 #134
  • Sudo action / confirm your identity protocol #131
  • devise_token_auth for multiple client #122
  • Invalid Authenticity Token with last version #109
  • Routes not properly set #101
  • allow_unconfirmed_access_for #89
  • Usage with Grape #73
  • Allow updating of default attributes by default? #61

Merged pull requests:

  • Fixes include bug causing sign_in to require auth #1016 (karlingen)
  • Update CONTRIBUTING.md #1009 (stratigos)
  • Adding Danish locale #1006 (mikkeljuhl)
  • allow only one confirmation #1001 (MaicolBen)
  • Added capitalize to user_class in model file template #1000 (kiritAyya)
  • Match email regexp with devise #999 (MaicolBen)
  • Edit RegistrationsController#create to use ResourceFinder::provider #998 (m4-miranda)
  • 993 - mirror auth header keys in build_auth_url query params #996 (ethagnawl)
  • Add link to wiki of how to add fields for an existing user table #985 (MaicolBen)
  • contemplate single table inheritance in DeviseTokenAuth::Concerns::SetUserByToken#set_user_by_token #984 (maxwells)
  • Upgrade test suite to use Rails 5 #981 (lynndylanhurley)
  • Conditionally set rails version on migration #979 (MaicolBen)
  • remove confirm_success_url entries from dummy migrations #978 (ethagnawl)
  • link to cached version of _How to Run a Single Rails Unit Test_ blog … #977 (ethagnawl)
  • Fix default provider after refactor in concern #975 (MaicolBen)
  • Adding in unlocks controller and specs. This should resolve #927. #971 (brycesenz)
  • Add a call to contribute to the top of the README. Ref #969. #970 (zachfeldman)
  • CONTRIBUTING: Add header, format sections #968 (olleolleolle)
  • Add note about Grape usage. Closes #73. #967 (zachfeldman)
  • Allow other provider than email when logins #964 (MaicolBen)
  • change devise method to reset password by token #957 (dks17)
  • Docs - add confirm_sucess_url to required params in email registration #956 (pnewsam)
  • Fix header name on account delete documentation #909 (mconiglio)
  • Document the confirm_success_url param for email registration #901 (nerfologist)
  • Fix header markdown typo #895 (f3ndot)
  • Support setting whitelist, without setting default redirect_url #894 (dkniffin)
  • Feature/customable authorized users only error response #869 (abeyuya)
  • Use rails validator instead of custom one #865 (MaicolBen)
  • Ability to use different default fields in model #849 (blddmnd)
  • GitHub Issues template, Contributing guidelines #847 (olleolleolle)
  • Better implementation to test if connection to db is active #843 (richardxia)
  • Improve documentation for testing. #840 (JonRowe)
  • Allow user specific token lifespans #704 (codez)
  • Always set header in batch mode #703 (codez)
  • Fix for issue #677 #678 (develop-test1)
  • Flag signin when user confirms email address. #410 (ghost)

Change Log

Full Changelog

Implemented enhancements:

  • Rails generator to update views #33
  • Extract Omniauth attributes assignation into a method #31

Fixed bugs:

  • Generator doesn't work correctly with mongoid and/or rails-api #14
  • Generator issues #13

Closed issues:

  • Return a authentication token #1015
  • API is not using defined ApiController but rather ApplicationController #1014
  • TypeError (can't dump hash with default proc) #1012
  • Namespaces and overriding default mailer templates #1011
  • Cant login after signing in via oauth #1010
  • Omniauth with devise token auth #1007
  • Not returning headers on error #1002
  • Hardcoded resource.provider in RegistrationsController? #997
  • Confirmation URL query parameters don't match header counterparts #993
  • Gem clashing #991
  • Sign in, Sign out not working #982
  • access token always expires in one minute #980
  • How to customize Omniauth payload #974
  • How do Create user's roles. #963
  • Why does a confirm_success_url column appear in some of the test migrations? #959
  • Readme "Usage TL;DR" section - add confirm_success_url to required params? #955
  • ar #954
  • how to get first name and last name of user #953
  • Model for nested attributes not being saved #952
  • Can not have multiple model #950
  • NoMethodError when current_user is called #947
  • How to manually send the confirmation email (e.g. after User.create in Rails console)? #946
  • Make DeviseAuthToken inherits my API base Controller? #945
  • Missing auth headers in response to validate_token #944
  • tokens_match? issue #942
  • Not send email notification when email changed ? #940
  • Token generation fails when user has incomplete data that is mandatory #938
  • Is there a way to prevent persisting the same token to user table when in batch mode? #934
  • Token expires too soon #933
  • Seeing other users data on logout and login #932
  • token authentication not working on production #931
  • Getting 'uninitialized constant ActionDispatch::Routing::Mapper::Scope (NameError)' with rails 3 #930
  • How do I include User relationships to response after authenticate #928
  • Can't unlock account through email link in lockable #927
  • accidental issue #926
  • Can't verify CSRF token authenticity on PUT request only #924
  • Reset password url no host #923
  • In batch mode tokens are unnecessarily stored for every request although unchanged #922
  • current_user not available during authorization #921
  • Resend confirmation email #920
  • Change Authentication Keys #919
  • Devise Set User By Token Is Clashing with Normal Devise Helpers #917
  • XSS (javascript execution vulnerability) #916
  • Using the Generator Without Capitalizing Model Name #912
  • undefined method `authenticate_user!' when want to version my api #908
  • RuntimeError in DeviseTokenAuth::OmniauthCallbacksController#omniauth_success on google_oauth2 login #907
  • JSON API status? #906
  • Filter chain halted as :authenticate_user! rendered or redirected #905
  • Completed 422 Unprocessable Entity [Rails 5 API only, React with J-Toker] #904
  • API authentication. Method not allowed 405. Use POST /sign_in to sign in. GET is not supported. #900
  • validate_token Works but nothing else... #899
  • OAuth failure callback error with Google provider #898
  • Registration Name attribute is not stored #897
  • The action 'edit' could not be found for DeviseTokenAuth::RegistrationsController #896
  • Change provider when sessions controller #893
  • Overriding render_create_success does not obey serializer option (AMS) #890
  • How can i get access-token with omniauth on React Native app #889
  • Forgot Password flow with JSON responses #888
  • unknown attribute 'expiry' for User. #886
  • Email Regex causing Issue - not synced with Devise email RegEx #885
  • undefined method `[]=' for nil:NilClass due to missing client_id #881
  • Return parent with sign in data? #880
  • json-hyper-schema for devise_token_auth #879
  • Can´t retrieve access token in login response headers #877
  • devise_token_auth blocks upgrade to Rails 5.1.0 #875
  • validate_token works on local web server, but not remote? #873
  • how do I login a user after account signup? #866
  • getting random "Authorized users only." when uploading multiple files at once. #862
  • Caching causing an issue #861
  • How to authenticate user using username using this gem ? #859
  • Can only register one account. #858
  • Segmentation Fault is raising while trying to send emails. #857
  • No access-token in the header #855
  • How to Restrict Access to a Single Client? #854
  • NoMethodError (undefined method `new_session_path' for #<Devise::OmniauthCallbacksController:0x0000000630f628>) #853
  • Headers not present in all requests #851
  • Token based authentication with LDAP only #850
  • Insecure session created with reset password link #848
  • Swagger / Yard Docs #846
  • uninitialized constant SECRET_KEY_BASE #845
  • NoMethodError: undefined method `[]=' for nil:NilClass in unit test #839
  • No resource_class found #838
  • How to Custom Mailer ? #837
  • Password gets updated but current password is still invalid. #836
  • CookieOverflow on namespaced controllers #835
  • no registration routes when used with devise #834
  • Incompatibility with shoulda in email uniqueness #833
  • devise_token_auth: can't work with Rails subdomain. #831
  • No HTML for omniauth_external_window view in Rails 5 API #830
  • DeviseTokenAuth::TokenValidationsController#validate_token returns 401 unauthorized. #829
  • Console warning #828
  • omniauth-facebook authentication with an Angular 2 front end application. #827
  • uid is similar to email #825
  • Question: email confirmation token URI with Rails API #824
  • Use POST to sign in. GET is not supported. #823
  • Invalid login credentials. Please try again. #822
  • Devise redirecting Web request to the Token JSON API #821
  • Wrong model mapped for token_validation #820
  • readme code for controller override needs a slight change #819
  • Banning a user #817
  • Support for multiple providers during same session #815
  • Sometimes very frequently, sometimes very randomly - 401 Unauthorized. #813
  • The confirmation email is not send with the standard devise support #812
  • not supporting for angular1.6 #810
  • Securing headers on client side #809
  • Add has one/belongs to assotiation #807
  • redirect_url required but not permitted in strong parameters #805
  • Impersonate user #802
  • Can't use JBuilder templates when overriding rendering methods #801
  • I18n broken (e.g. :already_in_use) #799
  • Data leak on create password reset #797
  • Rails 5 API Mode Not Authorizing #796
  • very unstable gem full of bugs !! #795
  • CORS answers 404 always #794
  • Authorized Users Only on iOS client #792
  • user_signed_in? doesn't returning access_token after few continuous call to it !!! #791
  • 302 found when I try to redirect to "/devise_token_auth/sessions#create" #790
  • Initializer default_password_reset_url not working. #789
  • Gem querying database twice for authenticating user #788
  • wrong constant name user #784
  • No authentication headers when using Single Table Inheritance on my User model #783
  • Can't migrate database after 'rails g devise_token_auth:install User auth' #781
  • Diferent tokens from devise and devise_token_auth some times get in conflict... #780
  • current_user returns nill #779
  • LinkedIn SignIn #778
  • Rails engine (api only) - undefined method `mount_devise_token_auth_for' for #<ActionDispatch::Routing::Mapper: #777
  • ActionController::RoutingError - undefined method `helper_method' #776
  • multiple congratulation emails #774
  • Set up a new API application controller not working? #773
  • Explicitly do not invalidate token #772
  • Prevent user from sharing account #770
  • I'am not able to serialize user #769
  • Could not find generator 'devise_token_auth:install' #768
  • Soft deletion #766
  • Minimum Limits on a token? #764
  • QUESTION: tokens field in database #763
  • Octopus throwing error when deleting expired tokens #761
  • Current user from channel. #760
  • devise_token_auth with LDAP? #759
  • Passing block to for strong parameters breaks code #758
  • Only one User model return the correct headers #757
  • API authentication: Use POST /sign_in to sign in. GET is not supported. #754
  • Integration help #753
  • undefined method `tokens' upon signing up #752
  • ArgumentError in Devise::RegistrationsController#new #750
  • OAuth (GitHub) redirects to callback url twice #749
  • resource name for scoped mounting #748
  • Signing in with Mongoid 6 + Rails 5 causes AuthenticationError #742
  • Rails 5 API deployed as microservices #741
  • Multiple user registration with multiple providers #740
  • Headers not sent on GET request #739
  • Best practice for using virtual attributes #738
  • E-mail update is enabled by default #736
  • Limit formats allowed to make requests #735
  • Query params left in url after facebook login cause authentication to fail on refresh #734
  • Error in password reset. Password not changed, even though edit returns 200 #732
  • Can't permit parameters in rails engine #731
  • Cannot integrate with omniauth-facebook #729
  • Using devise_async and sidekiq to send emails asynchronously #727
  • Two models, one not working #726
  • Separate Devise Token Auth configuration per model #725
  • No token on response header #721
  • Massive Cookie Size Leads to Errors #718
  • 401 on sign_in #717
  • Unable to reconfirm a users email #716
  • API response bodies are empty when using active_model_serializers #715
  • Which is client and access_token #714
  • /sign_out route is returning 404 not found #713
  • Sign_in custom method: how? #711
  • define_helpers not called at rails launch #708
  • Why is tokens field a json type and how to create a query based on inside values? #707
  • Always Set Headers in Batch Mode #702
  • Use with existing User model #701
  • Deprecation Error Message on 5.0 #698
  • "Covert Redirect" Vulnerability #696
  • The inactive_message and active_for_authentication #695
  • No route matches [POST] "/api/v1/auth" #694
  • Got this error with ActiveAdmin "wrong number of arguments (1 for 0)" #692
  • Reset password link not working for the second time #691
  • How to properly set headers in order to use current_user, authenticate_user! etc methods? #690
  • using devise_token_auth for API alongside standard devise gem for HTML view #689
  • Sign Up Permitted Parameters gets Passed but Never saves succesfully to Database #688
  • Live Demo on heroku crashes #687
  • Ruby on rails devise_token_auth gem unable to find routes #686
  • No Headers after sign_in for new Users created by Admin #685
  • NoMethodError (undefined method `headers_names' for DeviseTokenAuth:Module) #684
  • Fast page refresh problem #683
  • undefined method `[]' for nil:NilClass during omniauth callback #682
  • IndexError: string not matched on User sign_in #681
  • client_id resets to default after session_controller#create #680
  • skip_confirmation_notification! not working #679
  • "Unpermitted parameter: session" issues when action_controller.action_on_unpermitted_parameters is :raise #676
  • Rails 5 + mongoid + devise_token_auth - undefined method `add_mongoid_support=' for DeviseTokenAuth:Module (NoMethodError) #675
  • rails g devise_token_auth:install User auth hangs and does nothing #671
  • 0.1.36 to 0.1.37 Breaks Test Suite #670
  • Why NOT 'email_required?' is considered? #668
  • make a separate Apicontroller from Applicationcontroller #667
  • Devise Omniauth and DeviseTokenAuth Omniauth #666
  • Seperate view files for different models. #664
  • Bump version to support devise 4.1.1 #659
  • Password Reset Link doesn't work #658
  • [Question] Using in mobile apps (pass reset/libs for major OSes)? #657
  • confrimable registration token expire #655
  • callback :set_user_by_token has not been defined #649
  • Get extra from omniauth-facebook. #647
  • Ability to change email? #646
  • headers_names is not defined in 0.1.37 #645
  • Issues with active_model_serializers #644
  • Error with devise #643
  • Oauth2 - Android Authentication - one-time-code flow #639
  • make use of max_number_of_devices on sign_in #637
  • undefined method `token_validation_response' #635
  • when password is reset from UI, all tokens must be removed if remove_tokens_after_password_reset is true #634
  • is possible to use provider and uid columns on the authentications table? #633
  • Relax devise dependency to allow 4.1 #631
  • undefined method 'render' at devise_token_auth/controllers/helpers.rb #630
  • Override default routes #628
  • Rails 5 generator doesn't insert concern #627
  • NoMethodError (undefined method `find_by_uid') in production. #625
  • Why is password confirmation required ? #624
  • user_signed_in? VS user.signedIn ? #623
  • Retrieve from (local) cache first? #622
  • Update Gem (RubyGem) Not issue #621
  • Curl not working for sign_in but works on ng-token-angular #620
  • After Sign-in success, The following requests on Angular side are unauthorized. #619
  • Email uniqueness on both email and oauth provider #617
  • ArgumentError (wrong number of arguments (given 1, expected 0)) #616
  • Omniauth - Facebook app doesn't run callback url after successful Facebook authentication #615
  • :authenticate_user! wired behaviour #614
  • exclude devise validatable module? #613
  • current_user is nil, request headers are all upcased and prefixed with HTML_ #611
  • Devise omniauth_path_prefix overriden #610
  • Override devise token auth response #609
  • Problem in generated routes #607
  • Rails 5 API Mode - no headers in response #606
  • Previous authentication params remain in url after sign out when using OAuth #605
  • Filter chain halted as :authenticate_user! rendered or redirected #603
  • Problem with auth headers and multiple models #602
  • 422 Unprocessable Entity when using local IP address #601
  • not working with latest version of active_model_serializers #600
  • Re-written URL with token does not work with Angular default routing #599
  • Rails 5 - Missing template devise_token_auth/registrations/create #598
  • overriding rendering methods in devise_token_auth #597
  • REST routes #595
  • Multiple providers per user #594
  • MongoDB #593
  • Problem with CORS setup and exposing special headers #591
  • Password reset allows user to bypass confirmable #590
  • redirect_url is missing in email instructions sent to the user for password reset #588
  • Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password_confirmation":"abcdefgh"} #587
  • empty request.env['omniauth.params'] causes exception #586
  • Getting Error: 'No connection pool for ActiveRecord::Base' when generating the devise_token_auth generator inside an Rails Engine #584
  • Preventing creation of users in an oauth scenario #583
  • can't authenticate user when opening a new download tab #582
  • Mails are not being sent #581
  • current_user seems to be nil after doing requests from different tabs #579
  • Do we have any rspec helpers to sign_in an user? #577
  • Cannot override json response of authenticate_user! #575
  • Extend token lifespan on use? #573
  • Unable to sign in using LinkedIn #572
  • Cannot use rake with mount_devise_token_auth_for in routes.rb #570
  • return custom json data after sign_in #567
  • Provide configuration for token hashing algorithm #560
  • Using devise_token_auth with devise for one method #559
  • omiauth-google #558
  • Use devise_token_auth with facebook iOS login SDK #556
  • omniauth-facebook login #555
  • ActionController::RoutingError (No route matches [POST] "/omniauth/steam/callback") #554
  • get Authorized users only when use devise with devise_token_auth #553
  • Models other than User not returning auth headers after each request #552
  • Cannot get ng-token-auth, devise-token-auth and Rails to work for facebook login #551
  • /auth/validate_token works but getting 401 unauthorized when sending request with auth headers #550
  • Where is the access key of omniauth provider? #549
  • Yielding Resource to Overriding Controller #548
  • Confirmation controller does not response with JSON #546
  • message['redirect-url'] in the reset password email is not set automatically. #545
  • Failed migration: how to handle existing user db #544
  • How this gem is different from a JWT system? #543
  • set a no reply email adresse #542
  • check if user confirmed is account #539
  • Improper formatting for JSON API error/success responses #536
  • support for multiple client_id #535
  • Cut some actions? #534
  • Getting issues with api authentication #529
  • Is it a hybrid authentication system? #527
  • check_current_password_before_update still requires password when resetting password #526
  • Error: unknown attribute 'current_password' for User when updating a password #524
  • Error Response as HTML #522
  • Manually authenticate for testing #521
  • Support for STI #517
  • render_create_success should return 201 code not 200? #516
  • RuntimeError (can't modify frozen Hash) #515
  • DEPRECATION WARNING: alias_method_chain is deprecated #514
  • JSON responses don't fit JSON_API requirements #512
  • Not working with rails 5 and devise master #504
  • Unpermitted parameters: confirm_success_url, config_name, registration #501
  • set_user_by_token not defined in production for rails 5 #500
  • Master branch no longer working with devise master branch (version error) #498
  • uid is not getting set in git revision 996b9cf23a18 #497
  • tokens not being serialized! #495
  • Sign in from controller #494
  • ve_model_serializer namespace #492
  • Unpermitted Parameters: confirm_success_url, config_name, registration #489
  • Bundler could not find compatible versions for gem "rails": #488
  • Does anyone try to link current omniauth account to devise-token-auth account? #487
  • User remains logged in when using devise and devise_token_auth in the same app #486
  • I want to use a different column for provider instead of defalut "email" #485
  • DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 #482
  • @resource.allow_password_change is not persisted across requests #481
  • validate_token - resource_name - undefined method `name' for nil:NilClass #480
  • Would like to know is there any missing for i18n translation file? #479
  • Unpermitted paramter: session (401 Unauthorized) for only one particluar user #477
  • Reading logged user in constraint #475
  • devise_token_auth is being called when it shouldn't #473
  • Unable to override sessions controller #471
  • Helpers being loaded for Rails API's #468
  • Unable to call rails g devise\_token\_auth:install within rails engine #465
  • Support Devise Strong Parameters by Block #464
  • locales errors.messages.already\_in\_use seems broken #463
  • How to make http header still available when return to oauth call back #461
  • skip: [:omniauth_callbacks] doesn't work in v0.1.37.beta3 #460
  • This gem change default omniauth path? #459
  • Rails 5 compatible? #458
  • Null email causes NoMethodError (undefined method `downcase!' for nil:NilClass) #457
  • Cannot send confirmation email when using alongside with standard devise #456
  • cancancan: load_and_authorize_resources causes method_missing failure #452
  • example app for api #451
  • is session store necessary? #449
  • HTTP Headers not being sent when using as an API from an Android Phone #448
  • Is it possible to pass token via json? #447
  • It shows "An error occurred" after omniauth callback #445
  • Put Access Token in body #442
  • Unable to add a new param for sign up #440
  • Undefined method provider from devise_toke_auth concerns/user.rb #438
  • NoMethodError (undefined method enable\_standard\_devise\_support' for DeviseTokenAuth:Module\): app/controllers/devise\_token\_auth/concerns/set\_user\_by\_token.rb:35:in set_user_by_token' #437
  • duplicate method - resource_class #433
  • Unpermitted parameter errors #432
  • Scoped DeviseToken but it still affects the original Omniauth redirects. #429
  • Can't create user via api #422
  • redirect_uri_mismatch after update from 0.1.34 to 0.1.37 #420
  • password_confirmation not actually required #419
  • Password Reset question, do I need my own form? #418
  • Large Size on Disk #415
  • The validate_token function in the readme is missing a parameter #413
  • Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module #406
  • change_headers_on_each_request and batch requests #403
  • Why should I use .to_json to get the right json object and not an array? #400
  • Multiple users, returning(and creating) wrong model's auth token #399
  • Can't verify CSRF token authenticity #398
  • Errors after removing confirmable #397
  • Add JSON API (v1.0) compliant API option #396
  • NoMethodError in DeviseTokenAuth::SessionsController#create #394
  • uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt #393
  • Add better uid + provider unique support #392
  • Unable to Logout after sign up and/or sign in #391
  • Cohabitation with doorkeeper #389
  • Sign in not success. #388
  • React native signup/login using Facebook SDK #385
  • password length #380
  • Devise token auth not found routing error #379
  • Defining a custom primary key #378
  • seeing other users data after login/out with different users on ionic #375
  • when does tokens field get cleared #372
  • omniauth: when redirecting, user object should not be serialized into url #368
  • getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser #367
  • Passing access_token after signup #366
  • 'no implicit conversion of Hash into String (TypeError)' on Travis CI #365
  • discrepancy between registration events #364
  • Block isn't called in super do |resource| override. #363
  • omniauth callback redirect not working properly when using namespace/scope #362
  • Auth header is not being set in sign up when using confirmable with allowed unconfirmed access #361
  • Spontaneous log out from app (presumably because of batch requests) #359
  • invalid token in method set_user_by_token on RegistrationsController#update #357
  • github provider callback url (?auth_token) #354
  • Is it possible to authenticate_user! without failing the filter chain? #353
  • Allow devise patch version updates #351
  • Error validating token #348
  • Support for Lockable and Timeoutable when using Devise and DeviseTokenAuth #346
  • Official support and documentation on how to use alongside Devise for APIs #345
  • permitted parameters not working as expected #344
  • Using devise and devise_token_auth side by side #343
  • Multiple Devise Models. One using token #342
  • Restricting access to controllers methods #340
  • ArgumentError in DeviseTokenAuth::ConfirmationsController#show #339
  • Issue with audited-activerecord #338
  • Allow for HTTP Basic Auth ? #337
  • Allow Omniauth user reset password #335
  • Ember Simple Auth #334
  • NameError (uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt) #333
  • group authentication not redirecting #332
  • Unpermitted parameters: format, session #328
  • Concern causes app to connect to database when precompiling assets. #327
  • devise token auth + Save Facebook auth_hash info in database #326
  • Getting `table_exists?' error when using devise_token_auth with Mongoid #325
  • Error sending password reset email when not using confirmable (reopened #124) #321
  • Routing error / Preflight request / OPTIONS #320
  • delete tokens after password change #318
  • Can't authorize (user_signed_in? always show false) #316
  • Can't authorize (user_signed_in? always show false) #315
  • Devise Email Validation #314
  • Android native - Unpredictable 401 #313
  • Warden::SessionSerializer - wrong number of arguments (2 for 1) #312
  • The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController #309
  • Having 401 Unauthorized only with mobile #305
  • remove unused nickname, image from user object #304
  • How to skip confirmation on register but possibility to ask later #303
  • HI, This is more of a doubt since I could not finding anything related to this in your documentation. #300
  • Getting 401's when making requests using iOS/Android clients #299
  • User with multiple providers gets invalid login credential except the latest provider he/she registered. #298
  • undefined method `tokens' for #<Hash:0x000000063f0920> #297
  • Confirmation URL giving bad arguments #293
  • Conder making view helpers available in token_validations_controller #292
  • set_user_by_token not called in overriden controller #291
  • Using alongside "normal" rails app #290
  • Question: Should we send password reset instructions to unconfirmed emails? #287
  • NoMethodError (undefined method `[]' for nil:NilClass): #286
  • Facebook omniauth redirection is missing url when testing on localhost #285
  • Reset password error. #284
  • Configured verbatim, devise_token_auth receives this error google only #282
  • No route matches [GET] "/users/facebook/callback" #280
  • Facebook Auth isn't working for Google Chrome users that have Data Compression set to on #279
  • No route matches [GET] "/omniauth/:provider" #278
  • How to refresh token/expiry? #275
  • wrong number of arguments (1 for 0): in DeviseTokenAuth::RegistrationsController#create #274
  • Can not save a user with nil tokens attribute #271
  • Shouldn't validate_token param be access-token, not auth_token? #270
  • include associations on login #269
  • Used alongside standard Devise broke the Devise mail confirmation #265
  • How To Handle Guest Account #264
  • confirmable feature bugs? #263
  • Failure route not handled #262
  • Getting Unauthorized error even after sending the correct token, uid and client #261
  • Weird error message #259
  • helper methods don't work #258
  • undefined method `provider' for #<User:0x007f49fd5da2e8> #257
  • Custom Serializer like ActiveModel Serializer #249
  • reset password link is not getting to redirection #247
  • File download with query params #246
  • Info: is devise_token_auth compatible with rails 3.2.19? #245
  • Should a 404 reset tokens? #244
  • Headers required for different methods #243
  • Unpermitted parameters: format, session, lang #239
  • On sign_in, devise_token_auth expects the uid to be the same as the email #237
  • Name conflict with inherited_resources #236
  • Devise.secret_key was not set. Please add the following to your Devise initializer #235
  • sign_in will not fetch the token #234
  • Expected params don't match Devise itself #233
  • Remove ('#') symbol when using html5mode in locationProvider #232
  • Log in request 401 error #231
  • User Registration - "email address already in use" when it is unique #230
  • Devise email validation disabled...why? #229
  • Namespaced Models #228
  • Can't verify CSRF token authenticity #227
  • confirm_success_url error not working #226
  • pending_reconfirmation called when confirmable isn't used #224
  • Error on OmniauthCallbacksController#omniauth_success #222
  • omniauth_success.html.erb JSON bug #221
  • undefined method `authenticate_user!' #219
  • Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application #218
  • Where can I got token? #217
  • The omniauth implementation on this gem use redirection. We need to get around these. #216
  • Which software did you use to create the workflow ? #215
  • URI fragment prevent to send params in Confirmation URL #213
  • AbstractController::ActionNotFound (The action 'new' could not be found for DeviseTokenAuth::RegistrationsController): #212
  • Oauth broken when attributes have a new line #211
  • Generating many client tokens #210
  • Limit tokens hash? #208
  • 500 error returned when no data is POSTed to registration controller #203
  • undefined method `match' for nil:NilClass #201
  • No route matches [GET] "/omniauth/sign_in" #199
  • DELETE method becoming OPTIONS @ Heroku #197
  • I have a rails backend rendered app (erb). Can I switch to devise token auth? #196
  • 40 Mb log file and 1 minute to have token with curl #195
  • authentication via phone # #194
  • 401 unauthorized #193
  • Cannot use this gem alongside Devise #192
  • GET requests to sign_in shouldn't raise an exception #190
  • Api not locked by default #189
  • Some headers without "access-token" (and friends) while testing with Rspec #188
  • Rails 4.1 #187
  • Unable to override OmniauthCallbacksController#redirect_callbacks #186
  • AbstractController::ActionNotFound with Controller Override #185
  • Devise and devise_token_auth omniauth callbacks #184
  • Token based authentication with no sessions #183
  • undefined method `authenticate_user!' #182
  • Best way to set up migration for installation on existing User table already using Devise? #181
  • Architecture Q: Why did you not use Warden? #180
  • NoMethodError (undefined method `[]=' for nil:NilClass) #178
  • confirm_success_url shouldn't be a required param #176
  • Provide an OAuth implementation for native apps #175
  • getting an argument error when trying to use omniauth #174
  • Sign in via username doesn't seem to work correctly. #173
  • Cannot use + sign in email address. #171
  • Sign_in / Sign_up via token_auth and via session #168
  • How can i authenticate using curl and get private entries ! #167
  • Facebook login - Redirect issue #166
  • Pessimistic Locking produces ArgumentError #165
  • expired confirmation & reset link #164
  • Storing token in Redis? #163
  • POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API #162
  • Sign out just on client side ? #161
  • Unpermitted parameter: redirect_url #160
  • Issues using devise and devise_token_auth #159
  • Add role based authorization #158
  • list with http response codes #157
  • Not compatible with ActiveAdmin #156
  • [Duplicate] is devise_invitable supported? #154
  • Trouble accessing provider auth key and secret #153
  • Omniauth: New user or not ? #151
  • User can register with a "false" email #149
  • /validate_token #148
  • Email confirmation link #147
  • Tokens field on database #146
  • Twitter OAuth always throughs CookieOverflow #145
  • Is there a way to configure apiUrl for both dev and prod? #144
  • Getting 401 unauthorized on login attempt #142
  • Forcing SSL for DeviseTokenAuth causes error 'new' could not be found #141
  • Comparing with jwt #140
  • Can't get omniauth to work (error in redirect_callbacks) #139
  • Change controller inheritance #138
  • Reset Password call returns 400 for Not Found user #137
  • The gem is too big. Please take care of it. #136
  • Error when loging with facebook the second time without logout #135
  • NoMethodError (undefined method `name' for nil:NilClass) - devise_controller.rb:22 #134
  • OmniAuth redirect doesn't work if using the generated mount_devise_token route #133
  • Missing template /omniauth_response #132
  • Sudo action / confirm your identity protocol #131
  • Unpermitted parameter: session #130
  • OAuth error: We're sorry, but something went wrong #129
  • Would it be useful to integrate login with username ? #127
  • Sign in with login instead of email #126
  • Error sending password reset email when not using confirmable #124
  • Using expired token for parallel calls #123
  • devise_token_auth for multiple client #122
  • OmniauthCallbacksController#omniauth_success wrong number of arguments (1 for 0) #119
  • Could not load 'omniauth' #118
  • bad argument (expected URI object or URI string) #116
  • devise_token_auth for public API, but devise for rest of app? #114
  • Omniauthable deleted on UsersConcern : Why ? #111
  • Unrequired route #110
  • Invalid Authenticity Token with last version #109
  • raises NoMethodError instead of displaying error when email is missing #108
  • Error with RailsAdmin. "The action 'new' could not be found for DeviseTokenAuth::SessionsController" #107
  • Circular dependency detected while autoloading constant Api #106
  • Can't Authenticate via cURL #105
  • Unpermitted parameters: user, registration #104
  • BCrypt::Errors::InvalidSalt errors #103
  • Active job token expiring integration #102
  • Routes not properly set #101
  • The action 'new' could not be found for DeviseTokenAuth::RegistrationsController #100
  • Disable confirmable #99
  • responders - rails 4.2 #98
  • forward skip to devise #97
  • API versioning the devise scope of token validation and ominiauth controller path will wrap up #96
  • Overwriting default "from" email address #94
  • uninitialized constant DeviseTokenAuth #92
  • change_headers_on_each_request not working expiry header empty #90
  • allow_unconfirmed_access_for #89
  • Gem render consistency #87
  • Sample Sessions Controller for logging in via Rails View. #86
  • Change authorization key: Use phone_number instead of email #84
  • Conflict with active_admin gem #83
  • NoMethodError in DeviseTokenAuth::OmniauthCallbacksController#redirect_callbacks #82
  • All the APIs are getting 'Authorized users only' #81
  • Is Devise option Rememberable required ? #80
  • Problem with skip_confirmation! #78
  • Cannot reset password if registered by omniauth #77
  • NoMethodError at /omniauth/facebook/callback - undefined method `[]' for nil:NilClass #76
  • Usage with Grape #73
  • Remove dependency on ActiveRecord #72
  • Skipping Registrations Controller Altogether #70
  • Problem in validate_token if the model is in a namespace #69
  • Cannot send confirmation email if there is no 'User' model #68
  • Better guidelines for contributors #65
  • admin namespace #63
  • Devise trackable module not working #62
  • Allow updating of default attributes by default? #61
  • Devise_token_auth without OmniAuth authentication #60
  • Reset Password error #59
  • Confirmable - unconfirmed email #58
  • Email Column Isn't Used for Database Authentication #56
  • Unique Key for Provider and UID Combination #55
  • User Info in separate table or removed #53
  • rename @user to @resource #48
  • Active_admin issue #47
  • Possible Logout Issue #46
  • Routes not appended to routes.rb #45
  • Return resource.errors.full_messages in addition to resource.errors #44
  • Devise and Devise_Token_Auth in api namespace #43
  • Trackable attributes are not being updated. #42
  • Avoid using respond_to in application controller #41
  • devise_token_auth assumes you want the :confirmable functionality #40
  • undefined method `match' for nil:NilClass #39
  • Expired token aren't removed when session expires #38
  • sign_up helper #37
  • self.tokens[client_id]['token'] != token #30
  • How is the uid generated for non-omniauth users? #29
  • Access to current_user variable? #28
  • Filter chain halted as :require_no_authentication #27
  • Allow additional parameters for registration #25
  • Cannot add more parameters at sign_up #22
  • Error on Registration #21
  • Error with authentication #20
  • Cascade of Issues with Omniauth(?) #18
  • Batch Requests Respond with Original Auth Token #17
  • Sign out with email provider error #16
  • sessions_controller.rb #12
  • Github login in example is broken #10
  • Facebook auth is broken #9
  • Generator is not working #8
  • Test ticket from Code Climate #6
  • Test ticket from Code Climate #5
  • extending the devise_token_auth user model #4
  • A few ideas #3
  • Google Oauth2 does not set cookies in production. #1

Merged pull requests:

Change Log

v0.1.42 (2017-05-17)

Full Changelog

Closed issues:

  • devise_token_auth blocks upgrade to Rails 5.1.0 #875

Merged pull requests:

Change Log

Full Changelog

Implemented enhancements:

  • Rails generator to update views #33
  • Extract Omniauth attributes assignation into a method #31

Fixed bugs:

  • Generator doesn't work correctly with mongoid and/or rails-api #14
  • Generator issues #13

Closed issues:

  • Can´t retrieve access token in login response headers #877
  • how do I login a user after account signup? #866
  • Can only register one account. #858
  • No access-token in the header #855
  • Headers not present in all requests #851
  • uninitialized constant SECRET_KEY_BASE #845
  • devise_token_auth: can't work with Rails subdomain. #831
  • Question: email confirmation token URI with Rails API #824
  • readme code for controller override needs a slight change #819
  • Support for multiple providers during same session #815
  • not supporting for angular1.6 #810
  • Add has one/belongs to assotiation #807
  • redirect_url required but not permitted in strong parameters #805
  • Data leak on create password reset #797
  • Rails 5 API Mode Not Authorizing #796
  • wrong constant name user #784
  • current_user returns nill #779
  • ActionController::RoutingError - undefined method `helper_method' #776
  • Minimum Limits on a token? #764
  • Octopus throwing error when deleting expired tokens #761
  • Only one User model return the correct headers #757
  • ArgumentError in Devise::RegistrationsController#new #750
  • OAuth (GitHub) redirects to callback url twice #749
  • Rails 5 API deployed as microservices #741
  • Query params left in url after facebook login cause authentication to fail on refresh #734
  • Can't permit parameters in rails engine #731
  • Cannot integrate with omniauth-facebook #729
  • Two models, one not working #726
  • API response bodies are empty when using active_model_serializers #715
  • /sign_out route is returning 404 not found #713
  • Why is tokens field a json type and how to create a query based on inside values? #707
  • Deprecation Error Message on 5.0 #698
  • "Covert Redirect" Vulnerability #696
  • No route matches [POST] "/api/v1/auth" #694
  • Got this error with ActiveAdmin "wrong number of arguments (1 for 0)" #692
  • using devise_token_auth for API alongside standard devise gem for HTML view #689
  • No Headers after sign_in for new Users created by Admin #685
  • NoMethodError (undefined method `headers_names' for DeviseTokenAuth:Module) #684
  • Fast page refresh problem #683
  • IndexError: string not matched on User sign_in #681
  • skip_confirmation_notification! not working #679
  • rails g devise_token_auth:install User auth hangs and does nothing #671
  • Bump version to support devise 4.1.1 #659
  • callback :set_user_by_token has not been defined #649
  • Issues with active_model_serializers #644
  • Error with devise #643
  • undefined method `token_validation_response' #635
  • when password is reset from UI, all tokens must be removed if remove_tokens_after_password_reset is true #634
  • Relax devise dependency to allow 4.1 #631
  • Rails 5 generator doesn't insert concern #627
  • NoMethodError (undefined method `find_by_uid') in production. #625
  • Why is password confirmation required ? #624
  • Curl not working for sign_in but works on ng-token-angular #620
  • After Sign-in success, The following requests on Angular side are unauthorized. #619
  • Omniauth - Facebook app doesn't run callback url after successful Facebook authentication #615
  • :authenticate_user! wired behaviour #614
  • current_user is nil, request headers are all upcased and prefixed with HTML_ #611
  • Problem in generated routes #607
  • Rails 5 API Mode - no headers in response #606
  • Filter chain halted as :authenticate_user! rendered or redirected #603
  • 422 Unprocessable Entity when using local IP address #601
  • not working with latest version of active_model_serializers #600
  • overriding rendering methods in devise_token_auth #597
  • redirect_url is missing in email instructions sent to the user for password reset #588
  • Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password_confirmation":"abcdefgh"} #587
  • can't authenticate user when opening a new download tab #582
  • Mails are not being sent #581
  • current_user seems to be nil after doing requests from different tabs #579
  • Do we have any rspec helpers to sign_in an user? #577
  • Cannot override json response of authenticate_user! #575
  • return custom json data after sign_in #567
  • /auth/validate_token works but getting 401 unauthorized when sending request with auth headers #550
  • Where is the access key of omniauth provider? #549
  • How this gem is different from a JWT system? #543
  • Improper formatting for JSON API error/success responses #536
  • Is it a hybrid authentication system? #527
  • check_current_password_before_update still requires password when resetting password #526
  • Manually authenticate for testing #521
  • Support for STI #517
  • DEPRECATION WARNING: alias_method_chain is deprecated #514
  • JSON responses don't fit JSON_API requirements #512
  • Not working with rails 5 and devise master #504
  • Unpermitted parameters: confirm_success_url, config_name, registration #501
  • set_user_by_token not defined in production for rails 5 #500
  • Master branch no longer working with devise master branch (version error) #498
  • uid is not getting set in git revision 996b9cf23a18 #497
  • ve_model_serializer namespace #492
  • User remains logged in when using devise and devise_token_auth in the same app #486
  • DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 #482
  • validate_token - resource_name - undefined method `name' for nil:NilClass #480
  • Helpers being loaded for Rails API's #468
  • Unable to call rails g devise\_token\_auth:install within rails engine #465
  • locales errors.messages.already\_in\_use seems broken #463
  • It shows "An error occurred" after omniauth callback #445
  • Put Access Token in body #442
  • Unable to add a new param for sign up #440
  • Undefined method provider from devise_toke_auth concerns/user.rb #438
  • Scoped DeviseToken but it still affects the original Omniauth redirects. #429
  • Can't create user via api #422
  • Password Reset question, do I need my own form? #418
  • Large Size on Disk #415
  • The validate_token function in the readme is missing a parameter #413
  • Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module #406
  • change_headers_on_each_request and batch requests #403
  • Multiple users, returning(and creating) wrong model's auth token #399
  • Can't verify CSRF token authenticity #398
  • uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt #393
  • Sign in not success. #388
  • password length #380
  • Devise token auth not found routing error #379
  • Defining a custom primary key #378
  • seeing other users data after login/out with different users on ionic #375
  • omniauth: when redirecting, user object should not be serialized into url #368
  • getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser #367
  • omniauth callback redirect not working properly when using namespace/scope #362
  • invalid token in method set_user_by_token on RegistrationsController#update #357
  • Allow devise patch version updates #351
  • Error validating token #348
  • Restricting access to controllers methods #340
  • Allow for HTTP Basic Auth ? #337
  • Allow Omniauth user reset password #335
  • NameError (uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt) #333
  • Unpermitted parameters: format, session #328
  • Concern causes app to connect to database when precompiling assets. #327
  • devise token auth + Save Facebook auth_hash info in database #326
  • Error sending password reset email when not using confirmable (reopened #124) #321
  • Routing error / Preflight request / OPTIONS #320
  • delete tokens after password change #318
  • Can't authorize (user_signed_in? always show false) #315
  • Warden::SessionSerializer - wrong number of arguments (2 for 1) #312
  • The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController #309
  • Having 401 Unauthorized only with mobile #305
  • remove unused nickname, image from user object #304
  • HI, This is more of a doubt since I could not finding anything related to this in your documentation. #300
  • Getting 401's when making requests using iOS/Android clients #299
  • undefined method `tokens' for #<Hash:0x000000063f0920> #297
  • Confirmation URL giving bad arguments #293
  • set_user_by_token not called in overriden controller #291
  • Question: Should we send password reset instructions to unconfirmed emails? #287
  • NoMethodError (undefined method `[]' for nil:NilClass): #286
  • Facebook omniauth redirection is missing url when testing on localhost #285
  • No route matches [GET] "/users/facebook/callback" #280
  • No route matches [GET] "/omniauth/:provider" #278
  • How to refresh token/expiry? #275
  • wrong number of arguments (1 for 0): in DeviseTokenAuth::RegistrationsController#create #274
  • Can not save a user with nil tokens attribute #271
  • Shouldn't validate_token param be access-token, not auth_token? #270
  • include associations on login #269
  • Failure route not handled #262
  • Getting Unauthorized error even after sending the correct token, uid and client #261
  • Weird error message #259
  • undefined method `provider' for #<User:0x007f49fd5da2e8> #257
  • Custom Serializer like ActiveModel Serializer #249
  • File download with query params #246
  • Info: is devise_token_auth compatible with rails 3.2.19? #245
  • Headers required for different methods #243
  • Unpermitted parameters: format, session, lang #239
  • On sign_in, devise_token_auth expects the uid to be the same as the email #237
  • Name conflict with inherited_resources #236
  • sign_in will not fetch the token #234
  • Remove ('#') symbol when using html5mode in locationProvider #232
  • Log in request 401 error #231
  • User Registration - "email address already in use" when it is unique #230
  • Devise email validation disabled...why? #229
  • confirm_success_url error not working #226
  • pending_reconfirmation called when confirmable isn't used #224
  • omniauth_success.html.erb JSON bug #221
  • Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application #218
  • Where can I got token? #217
  • URI fragment prevent to send params in Confirmation URL #213
  • Generating many client tokens #210
  • Limit tokens hash? #208
  • 500 error returned when no data is POSTed to registration controller #203
  • undefined method `match' for nil:NilClass #201
  • DELETE method becoming OPTIONS @ Heroku #197
  • 40 Mb log file and 1 minute to have token with curl #195
  • 401 unauthorized #193
  • GET requests to sign_in shouldn't raise an exception #190
  • Api not locked by default #189
  • Rails 4.1 #187
  • Unable to override OmniauthCallbacksController#redirect_callbacks #186
  • Devise and devise_token_auth omniauth callbacks #184
  • Token based authentication with no sessions #183
  • undefined method `authenticate_user!' #182
  • confirm_success_url shouldn't be a required param #176
  • Provide an OAuth implementation for native apps #175
  • getting an argument error when trying to use omniauth #174
  • Sign in via username doesn't seem to work correctly. #173
  • Cannot use + sign in email address. #171
  • How can i authenticate using curl and get private entries ! #167
  • Pessimistic Locking produces ArgumentError #165
  • POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API #162
  • Sign out just on client side ? #161
  • Unpermitted parameter: redirect_url #160
  • Issues using devise and devise_token_auth #159
  • Add role based authorization #158
  • Not compatible with ActiveAdmin #156
  • [Duplicate] is devise_invitable supported? #154
  • User can register with a "false" email #149
  • /validate_token #148
  • Email confirmation link #147
  • Tokens field on database #146
  • Twitter OAuth always throughs CookieOverflow #145
  • Is there a way to configure apiUrl for both dev and prod? #144
  • Getting 401 unauthorized on login attempt #142
  • Comparing with jwt #140
  • Can't get omniauth to work (error in redirect_callbacks) #139
  • Change controller inheritance #138
  • Reset Password call returns 400 for Not Found user #137
  • The gem is too big. Please take care of it. #136
  • Error when loging with facebook the second time without logout #135
  • OmniAuth redirect doesn't work if using the generated mount_devise_token route #133
  • Missing template /omniauth_response #132
  • Unpermitted parameter: session #130
  • OAuth error: We're sorry, but something went wrong #129
  • Would it be useful to integrate login with username ? #127
  • Sign in with login instead of email #126
  • Error sending password reset email when not using confirmable #124
  • Using expired token for parallel calls #123
  • User tokens don't properly deserialize #121
  • OmniauthCallbacksController#omniauth_success wrong number of arguments (1 for 0) #119
  • Could not load 'omniauth' #118
  • bad argument (expected URI object or URI string) #116
  • devise_token_auth for public API, but devise for rest of app? #114
  • Omniauthable deleted on UsersConcern : Why ? #111
  • Unrequired route #110
  • raises NoMethodError instead of displaying error when email is missing #108
  • Error with RailsAdmin. "The action 'new' could not be found for DeviseTokenAuth::SessionsController" #107
  • Circular dependency detected while autoloading constant Api #106
  • Can't Authenticate via cURL #105
  • Unpermitted parameters: user, registration #104
  • BCrypt::Errors::InvalidSalt errors #103
  • Active job token expiring integration #102
  • The action 'new' could not be found for DeviseTokenAuth::RegistrationsController #100
  • Disable confirmable #99
  • responders - rails 4.2 #98
  • forward skip to devise #97
  • API versioning the devise scope of token validation and ominiauth controller path will wrap up #96
  • Overwriting default "from" email address #94
  • uninitialized constant DeviseTokenAuth #92
  • change_headers_on_each_request not working expiry header empty #90
  • Gem render consistency #87
  • Sample Sessions Controller for logging in via Rails View. #86
  • Change authorization key: Use phone_number instead of email #84
  • Conflict with active_admin gem #83
  • NoMethodError in DeviseTokenAuth::OmniauthCallbacksController#redirect_callbacks #82
  • All the APIs are getting 'Authorized users only' #81
  • Is Devise option Rememberable required ? #80
  • Problem with skip_confirmation! #78
  • Cannot reset password if registered by omniauth #77
  • NoMethodError at /omniauth/facebook/callback - undefined method `[]' for nil:NilClass #76
  • Remove dependency on ActiveRecord #72
  • Skipping Registrations Controller Altogether #70
  • Problem in validate_token if the model is in a namespace #69
  • Cannot send confirmation email if there is no 'User' model #68
  • Better guidelines for contributors #65
  • admin namespace #63
  • Devise trackable module not working #62
  • Devise_token_auth without OmniAuth authentication #60
  • Reset Password error #59
  • Confirmable - unconfirmed email #58
  • Email Column Isn't Used for Database Authentication #56
  • Unique Key for Provider and UID Combination #55
  • User Info in separate table or removed #53
  • rename @user to @resource #48
  • Active_admin issue #47
  • Possible Logout Issue #46
  • Routes not appended to routes.rb #45
  • Return resource.errors.full_messages in addition to resource.errors #44
  • Devise and Devise_Token_Auth in api namespace #43
  • Trackable attributes are not being updated. #42
  • Avoid using respond_to in application controller #41
  • devise_token_auth assumes you want the :confirmable functionality #40
  • undefined method `match' for nil:NilClass #39
  • Expired token aren't removed when session expires #38
  • sign_up helper #37
  • self.tokens[client_id]['token'] != token #30
  • How is the uid generated for non-omniauth users? #29
  • Access to current_user variable? #28
  • Filter chain halted as :require_no_authentication #27
  • Allow additional parameters for registration #25
  • Cannot add more parameters at sign_up #22
  • Error on Registration #21
  • Error with authentication #20
  • Cascade of Issues with Omniauth(?) #18
  • Batch Requests Respond with Original Auth Token #17
  • Sign out with email provider error #16
  • sessions_controller.rb #12
  • Github login in example is broken #10
  • Facebook auth is broken #9
  • Generator is not working #8
  • Test ticket from Code Climate #6
  • Test ticket from Code Climate #5
  • extending the devise_token_auth user model #4
  • A few ideas #3
  • Google Oauth2 does not set cookies in production. #1

Merged pull requests:

Change Log

v0.1.40 (2017-01-20)

Full Changelog

Closed issues:

  • Support for multiple providers during same session #815
  • not supporting for angular1.6 #810
  • Add has one/belongs to assotiation #807
  • redirect_url required but not permitted in strong parameters #805
  • Rails 5 API Mode Not Authorizing #796
  • wrong constant name user #784
  • current_user returns nill #779
  • ActionController::RoutingError - undefined method `helper_method' #776
  • Minimum Limits on a token? #764
  • Octopus throwing error when deleting expired tokens #761
  • Only one User model return the correct headers #757
  • ArgumentError in Devise::RegistrationsController#new #750
  • Rails 5 API deployed as microservices #741
  • Query params left in url after facebook login cause authentication to fail on refresh #734
  • Can't permit parameters in rails engine #731
  • Cannot integrate with omniauth-facebook #729
  • Two models, one not working #726
  • API response bodies are empty when using active_model_serializers #715
  • /sign_out route is returning 404 not found #713
  • Why is tokens field a json type and how to create a query based on inside values? #707
  • Deprecation Error Message on 5.0 #698

Merged pull requests:

Change Log

v0.1.39 (2016-08-16)

Full Changelog

Closed issues:

  • "Covert Redirect" Vulnerability #696
  • No route matches [POST] "/api/v1/auth" #694
  • Got this error with ActiveAdmin "wrong number of arguments (1 for 0)" #692
  • using devise_token_auth for API alongside standard devise gem for HTML view #689
  • No Headers after sign_in for new Users created by Admin #685
  • NoMethodError (undefined method `headers_names' for DeviseTokenAuth:Module) #684
  • Fast page refresh problem #683
  • IndexError: string not matched on User sign_in #681
  • skip_confirmation_notification! not working #679
  • Bump version to support devise 4.1.1 #659
  • not working with latest version of active_model_serializers #600

Merged pull requests:

Full Changelog

Implemented enhancements:

  • Rails generator to update views #33
  • Extract Omniauth attributes assignation into a method #31

Fixed bugs:

  • Generator doesn't work correctly with mongoid and/or rails-api #14
  • Generator issues #13

Closed issues:

  • rails g devise_token_auth:install User auth hangs and does nothing #671
  • callback :set_user_by_token has not been defined #649
  • Issues with active_model_serializers #644
  • Error with devise #643
  • undefined method `token_validation_response' #635
  • when password is reset from UI, all tokens must be removed if remove_tokens_after_password_reset is true #634
  • Relax devise dependency to allow 4.1 #631
  • Rails 5 generator doesn't insert concern #627
  • NoMethodError (undefined method `find_by_uid') in production. #625
  • Curl not working for sign_in but works on ng-token-angular #620
  • After Sign-in success, The following requests on Angular side are unauthorized. #619
  • Omniauth - Facebook app doesn't run callback url after successful Facebook authentication #615
  • :authenticate_user! wired behaviour #614
  • current_user is nil, request headers are all upcased and prefixed with HTML_ #611
  • Problem in generated routes #607
  • Rails 5 API Mode - no headers in response #606
  • Filter chain halted as :authenticate_user! rendered or redirected #603
  • 422 Unprocessable Entity when using local IP address #601
  • overriding rendering methods in devise_token_auth #597
  • redirect_url is missing in email instructions sent to the user for password reset #588
  • Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password_confirmation":"abcdefgh"} #587
  • can't authenticate user when opening a new download tab #582
  • Mails are not being sent #581
  • current_user seems to be nil after doing requests from different tabs #579
  • Do we have any rspec helpers to sign_in an user? #577
  • Cannot override json response of authenticate_user! #575
  • return custom json data after sign_in #567
  • /auth/validate_token works but getting 401 unauthorized when sending request with auth headers #550
  • Where is the access key of omniauth provider? #549
  • How this gem is different from a JWT system? #543
  • Improper formatting for JSON API error/success responses #536
  • Is it a hybrid authentication system? #527
  • check_current_password_before_update still requires password when resetting password #526
  • Manually authenticate for testing #521
  • Support for STI #517
  • JSON responses don't fit JSON_API requirements #512
  • Not working with rails 5 and devise master #504
  • Unpermitted parameters: confirm_success_url, config_name, registration #501
  • set_user_by_token not defined in production for rails 5 #500
  • Master branch no longer working with devise master branch (version error) #498
  • uid is not getting set in git revision 996b9cf23a18 #497
  • ve_model_serializer namespace #492
  • User remains logged in when using devise and devise_token_auth in the same app #486
  • DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 #482
  • validate_token - resource_name - undefined method `name' for nil:NilClass #480
  • Helpers being loaded for Rails API's #468
  • Unable to call rails g devise\_token\_auth:install within rails engine #465
  • locales errors.messages.already\_in\_use seems broken #463
  • It shows "An error occurred" after omniauth callback #445
  • Put Access Token in body #442
  • Unable to add a new param for sign up #440
  • Undefined method provider from devise_toke_auth concerns/user.rb #438
  • Scoped DeviseToken but it still affects the original Omniauth redirects. #429
  • Can't create user via api #422
  • Password Reset question, do I need my own form? #418
  • Large Size on Disk #415
  • The validate_token function in the readme is missing a parameter #413
  • Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module #406
  • change_headers_on_each_request and batch requests #403
  • Multiple users, returning(and creating) wrong model's auth token #399
  • Can't verify CSRF token authenticity #398
  • uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt #393
  • Sign in not success. #388
  • password length #380
  • Devise token auth not found routing error #379
  • Defining a custom primary key #378
  • seeing other users data after login/out with different users on ionic #375
  • omniauth: when redirecting, user object should not be serialized into url #368
  • getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser #367
  • omniauth callback redirect not working properly when using namespace/scope #362
  • invalid token in method set_user_by_token on RegistrationsController#update #357
  • Allow devise patch version updates #351
  • Error validating token #348
  • Allow for HTTP Basic Auth ? #337
  • Allow Omniauth user reset password #335
  • NameError (uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt) #333
  • Unpermitted parameters: format, session #328
  • devise token auth + Save Facebook auth_hash info in database #326
  • Error sending password reset email when not using confirmable (reopened #124) #321
  • Routing error / Preflight request / OPTIONS #320
  • delete tokens after password change #318
  • Can't authorize (user_signed_in? always show false) #315
  • Warden::SessionSerializer - wrong number of arguments (2 for 1) #312
  • The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController #309
  • Having 401 Unauthorized only with mobile #305
  • remove unused nickname, image from user object #304
  • HI, This is more of a doubt since I could not finding anything related to this in your documentation. #300
  • Getting 401's when making requests using iOS/Android clients #299
  • undefined method `tokens' for #<Hash:0x000000063f0920> #297
  • Confirmation URL giving bad arguments #293
  • set_user_by_token not called in overriden controller #291
  • Question: Should we send password reset instructions to unconfirmed emails? #287
  • NoMethodError (undefined method `[]' for nil:NilClass): #286
  • Facebook omniauth redirection is missing url when testing on localhost #285
  • No route matches [GET] "/users/facebook/callback" #280
  • No route matches [GET] "/omniauth/:provider" #278
  • How to refresh token/expiry? #275
  • wrong number of arguments (1 for 0): in DeviseTokenAuth::RegistrationsController#create #274
  • Can not save a user with nil tokens attribute #271
  • Shouldn't validate_token param be access-token, not auth_token? #270
  • include associations on login #269
  • Failure route not handled #262
  • Getting Unauthorized error even after sending the correct token, uid and client #261
  • Weird error message #259
  • undefined method `provider' for #<User:0x007f49fd5da2e8> #257
  • Custom Serializer like ActiveModel Serializer #249
  • File download with query params #246
  • Info: is devise_token_auth compatible with rails 3.2.19? #245
  • Headers required for different methods #243
  • Unpermitted parameters: format, session, lang #239
  • On sign_in, devise_token_auth expects the uid to be the same as the email #237
  • Name conflict with inherited_resources #236
  • sign_in will not fetch the token #234
  • Remove ('#') symbol when using html5mode in locationProvider #232
  • Log in request 401 error #231
  • User Registration - "email address already in use" when it is unique #230
  • Devise email validation disabled...why? #229
  • confirm_success_url error not working #226
  • pending_reconfirmation called when confirmable isn't used #224
  • omniauth_success.html.erb JSON bug #221
  • Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application #218
  • Where can I got token? #217
  • URI fragment prevent to send params in Confirmation URL #213
  • Generating many client tokens #210
  • Limit tokens hash? #208
  • 500 error returned when no data is POSTed to registration controller #203
  • undefined method `match' for nil:NilClass #201
  • DELETE method becoming OPTIONS @ Heroku #197
  • 40 Mb log file and 1 minute to have token with curl #195
  • 401 unauthorized #193
  • GET requests to sign_in shouldn't raise an exception #190
  • Api not locked by default #189
  • Rails 4.1 #187
  • Unable to override OmniauthCallbacksController#redirect_callbacks #186
  • Token based authentication with no sessions #183
  • undefined method `authenticate_user!' #182
  • confirm_success_url shouldn't be a required param #176
  • Provide an OAuth implementation for native apps #175
  • getting an argument error when trying to use omniauth #174
  • Sign in via username doesn't seem to work correctly. #173
  • Cannot use + sign in email address. #171
  • How can i authenticate using curl and get private entries ! #167
  • Pessimistic Locking produces ArgumentError #165
  • POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API #162
  • Sign out just on client side ? #161
  • Unpermitted parameter: redirect_url #160
  • Issues using devise and devise_token_auth #159
  • Add role based authorization #158
  • Not compatible with ActiveAdmin #156
  • [Duplicate] is devise_invitable supported? #154
  • User can register with a "false" email #149
  • /validate_token #148
  • Email confirmation link #147
  • Tokens field on database #146
  • Twitter OAuth always throughs CookieOverflow #145
  • Is there a way to configure apiUrl for both dev and prod? #144
  • Getting 401 unauthorized on login attempt #142
  • Comparing with jwt #140
  • Can't get omniauth to work (error in redirect_callbacks) #139
  • Change controller inheritance #138
  • Reset Password call returns 400 for Not Found user #137
  • The gem is too big. Please take care of it. #136
  • Error when loging with facebook the second time without logout #135
  • OmniAuth redirect doesn't work if using the generated mount_devise_token route #133
  • Missing template /omniauth_response #132
  • Unpermitted parameter: session #130
  • OAuth error: We're sorry, but something went wrong #129
  • Would it be useful to integrate login with username ? #127
  • Sign in with login instead of email #126
  • Error sending password reset email when not using confirmable #124
  • Using expired token for parallel calls #123
  • User tokens don't properly deserialize #121
  • Could not load 'omniauth' #118
  • bad argument (expected URI object or URI string) #116
  • devise_token_auth for public API, but devise for rest of app? #114
  • Omniauthable deleted on UsersConcern : Why ? #111
  • Unrequired route #110
  • raises NoMethodError instead of displaying error when email is missing #108
  • Error with RailsAdmin. "The action 'new' could not be found for DeviseTokenAuth::SessionsController" #107
  • Circular dependency detected while autoloading constant Api #106
  • Can't Authenticate via cURL #105
  • Unpermitted parameters: user, registration #104
  • BCrypt::Errors::InvalidSalt errors #103
  • Active job token expiring integration #102
  • The action 'new' could not be found for DeviseTokenAuth::RegistrationsController #100
  • Disable confirmable #99
  • responders - rails 4.2 #98
  • forward skip to devise #97
  • API versioning the devise scope of token validation and ominiauth controller path will wrap up #96
  • Overwriting default "from" email address #94
  • uninitialized constant DeviseTokenAuth #92
  • change_headers_on_each_request not working expiry header empty #90
  • Gem render consistency #87
  • Sample Sessions Controller for logging in via Rails View. #86
  • Change authorization key: Use phone_number instead of email #84
  • Conflict with active_admin gem #83
  • NoMethodError in DeviseTokenAuth::OmniauthCallbacksController#redirect_callbacks #82
  • All the APIs are getting 'Authorized users only' #81
  • Is Devise option Rememberable required ? #80
  • Problem with skip_confirmation! #78
  • Cannot reset password if registered by omniauth #77
  • NoMethodError at /omniauth/facebook/callback - undefined method `[]' for nil:NilClass #76
  • Remove dependency on ActiveRecord #72
  • Skipping Registrations Controller Altogether #70
  • Problem in validate_token if the model is in a namespace #69
  • Cannot send confirmation email if there is no 'User' model #68
  • Better guidelines for contributors #65
  • admin namespace #63
  • Devise trackable module not working #62
  • Devise_token_auth without OmniAuth authentication #60
  • Reset Password error #59
  • Confirmable - unconfirmed email #58
  • Email Column Isn't Used for Database Authentication #56
  • Unique Key for Provider and UID Combination #55
  • User Info in separate table or removed #53
  • rename @user to @resource #48
  • Active_admin issue #47
  • Possible Logout Issue #46
  • Routes not appended to routes.rb #45
  • Return resource.errors.full_messages in addition to resource.errors #44
  • Devise and Devise_Token_Auth in api namespace #43
  • Trackable attributes are not being updated. #42
  • Avoid using respond_to in application controller #41
  • devise_token_auth assumes you want the :confirmable functionality #40
  • undefined method `match' for nil:NilClass #39
  • Expired token aren't removed when session expires #38
  • sign_up helper #37
  • self.tokens[client_id]['token'] != token #30
  • How is the uid generated for non-omniauth users? #29
  • Access to current_user variable? #28
  • Filter chain halted as :require_no_authentication #27
  • Allow additional parameters for registration #25
  • Cannot add more parameters at sign_up #22
  • Error on Registration #21
  • Error with authentication #20
  • Cascade of Issues with Omniauth(?) #18
  • Batch Requests Respond with Original Auth Token #17
  • Sign out with email provider error #16
  • sessions_controller.rb #12
  • Github login in example is broken #10
  • Facebook auth is broken #9
  • Generator is not working #8
  • Test ticket from Code Climate #6
  • Test ticket from Code Climate #5
  • extending the devise_token_auth user model #4
  • A few ideas #3
  • Google Oauth2 does not set cookies in production. #1

Merged pull requests:

Change Log

0.1.37 (2016-01-26)

Full Changelog

Closed issues:

  • Not working with rails 5 and devise master #504
  • Unpermitted parameters: confirm_success_url, config_name, registration #501
  • Master branch no longer working with devise master branch (version error) #498
  • uid is not getting set in git revision 996b9cf23a18 #497
  • ve_model_serializer namespace #492
  • User remains logged in when using devise and devise_token_auth in the same app #486
  • DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 #482
  • validate_token - resource_name - undefined method `name' for nil:NilClass #480
  • Helpers being loaded for Rails API's #468
  • locales errors.messages.already\_in\_use seems broken #463
  • omniauth callback redirect not working properly when using namespace/scope #362
  • delete tokens after password change #318

Merged pull requests:

v0.1.37.beta4 (2015-12-10)

Full Changelog

Closed issues:

  • It shows "An error occurred" after omniauth callback #445
  • Put Access Token in body #442
  • Unable to add a new param for sign up #440
  • Undefined method provider from devise_toke_auth concerns/user.rb #438
  • Scoped DeviseToken but it still affects the original Omniauth redirects. #429
  • Can't create user via api #422
  • change_headers_on_each_request and batch requests #403
  • password length #380
  • The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController #309
  • undefined method `tokens' for #<Hash:0x000000063f0920> #297
  • Generating many client tokens #210

Merged pull requests:

v0.1.37.beta3 (2015-10-27)

Full Changelog

Closed issues:

  • Password Reset question, do I need my own form? #418
  • seeing other users data after login/out with different users on ionic #375

v0.1.37.beta2 (2015-10-25)

Full Changelog

Closed issues:

  • The validate_token function in the readme is missing a parameter #413

Merged pull requests:

v0.1.37.beta1 (2015-10-25)

Full Changelog

Closed issues:

  • Large Size on Disk #415
  • Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module #406
  • uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt #393
  • Devise token auth not found routing error #379
  • undefined method `match' for nil:NilClass #201

Merged pull requests:

v0.1.36 (2015-10-13)

Full Changelog

v0.1.35 (2015-10-13)

Full Changelog

Fixed bugs:

  • Generator doesn't work correctly with mongoid and/or rails-api #14

Closed issues:

  • Multiple users, returning(and creating) wrong model's auth token #399
  • Sign in not success. #388
  • Defining a custom primary key #378
  • omniauth: when redirecting, user object should not be serialized into url #368
  • getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser #367
  • invalid token in method set_user_by_token on RegistrationsController#update #357
  • Allow devise patch version updates #351
  • Error validating token #348
  • Allow for HTTP Basic Auth ? #337
  • Allow Omniauth user reset password #335
  • NameError (uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt) #333
  • Unpermitted parameters: format, session #328
  • devise token auth + Save Facebook auth_hash info in database #326
  • Error sending password reset email when not using confirmable (reopened #124) #321
  • Facebook omniauth redirection is missing url when testing on localhost #285
  • Failure route not handled #262
  • Unable to override OmniauthCallbacksController#redirect_callbacks #186

Merged pull requests:

  • Added polish translation. #405 (h3xed)
  • Implement hook methods for customized json rendering #384 (neutronz)
  • fix(oauth): fixes #368: do not serialize the entire user object in the url when redirecting from oauth #371 (nbrustein)
  • Add a Gitter chat badge to README.md #360 (gitter-badger)
  • Improvements to the docs. #358 (aarongray)
  • Add description to readme about the devise.rb initializer. #356 (aarongray)
  • Correct handling namespaced resources #355 (yivo)
  • Fix concern not being inserted for rails-api apps. #350 (aarongray)
  • Add documentation to explain gotcha with rails-api. #349 (aarongray)
  • Fully support OmniauthCallbacksController action overrides. Fixes #186. #347 (tbloncar)
  • #340 Restrict access to controllers methods #341 (gkopylov)
  • fix(omniauth): fix error in setting text on redirect page #336 (nbrustein)
  • Fix invalid omniauth redirect #322 (troggy)

v0.1.34 (2015-08-10)

Full Changelog

Implemented enhancements:

  • Rails generator to update views #33
  • Extract Omniauth attributes assignation into a method #31

Fixed bugs:

  • Generator issues #13

Closed issues:

  • Routing error / Preflight request / OPTIONS #320
  • Can't authorize (user_signed_in? always show false) #315
  • Warden::SessionSerializer - wrong number of arguments (2 for 1) #312
  • Having 401 Unauthorized only with mobile #305
  • remove unused nickname, image from user object #304
  • HI, This is more of a doubt since I could not finding anything related to this in your documentation. #300
  • Getting 401's when making requests using iOS/Android clients #299
  • Confirmation URL giving bad arguments #293
  • set_user_by_token not called in overriden controller #291
  • Question: Should we send password reset instructions to unconfirmed emails? #287
  • No route matches [GET] "/users/facebook/callback" #280
  • No route matches [GET] "/omniauth/:provider" #278
  • How to refresh token/expiry? #275
  • wrong number of arguments (1 for 0): in DeviseTokenAuth::RegistrationsController#create #274
  • Can not save a user with nil tokens attribute #271
  • Shouldn't validate_token param be access-token, not auth_token? #270
  • include associations on login #269
  • Getting Unauthorized error even after sending the correct token, uid and client #261
  • Weird error message #259
  • undefined method `provider' for #<User:0x007f49fd5da2e8> #257
  • File download with query params #246
  • Info: is devise_token_auth compatible with rails 3.2.19? #245
  • Headers required for different methods #243
  • Unpermitted parameters: format, session, lang #239
  • On sign_in, devise_token_auth expects the uid to be the same as the email #237
  • Name conflict with inherited_resources #236
  • sign_in will not fetch the token #234
  • Log in request 401 error #231
  • User Registration - "email address already in use" when it is unique #230
  • Devise email validation disabled...why? #229
  • confirm_success_url error not working #226
  • pending_reconfirmation called when confirmable isn't used #224
  • omniauth_success.html.erb JSON bug #221
  • Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application #218
  • Where can I got token? #217
  • URI fragment prevent to send params in Confirmation URL #213
  • Limit tokens hash? #208
  • 500 error returned when no data is POSTed to registration controller #203
  • DELETE method becoming OPTIONS @ Heroku #197
  • 40 Mb log file and 1 minute to have token with curl #195
  • 401 unauthorized #193
  • GET requests to sign_in shouldn't raise an exception #190
  • Api not locked by default #189
  • Rails 4.1 #187
  • Token based authentication with no sessions #183
  • undefined method `authenticate_user!' #182
  • confirm_success_url shouldn't be a required param #176
  • Provide an OAuth implementation for native apps #175
  • getting an argument error when trying to use omniauth #174
  • Sign in via username doesn't seem to work correctly. #173
  • Cannot use + sign in email address. #171
  • How can i authenticate using curl and get private entries ! #167
  • Pessimistic Locking produces ArgumentError #165
  • POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API #162
  • Sign out just on client side ? #161
  • Unpermitted parameter: redirect_url #160
  • Issues using devise and devise_token_auth #159
  • Add role based authorization #158
  • Not compatible with ActiveAdmin #156
  • [Duplicate] is devise_invitable supported? #154
  • User can register with a "false" email #149
  • /validate_token #148
  • Email confirmation link #147
  • Tokens field on database #146
  • Twitter OAuth always throughs CookieOverflow #145
  • Is there a way to configure apiUrl for both dev and prod? #144
  • Getting 401 unauthorized on login attempt #142
  • Comparing with jwt #140
  • Can't get omniauth to work (error in redirect_callbacks) #139
  • Change controller inheritance #138
  • Reset Password call returns 400 for Not Found user #137
  • The gem is too big. Please take care of it. #136
  • Error when loging with facebook the second time without logout #135
  • OmniAuth redirect doesn't work if using the generated mount_devise_token route #133
  • Missing template /omniauth_response #132
  • Unpermitted parameter: session #130
  • OAuth error: We're sorry, but something went wrong #129
  • Would it be useful to integrate login with username ? #127
  • Sign in with login instead of email #126
  • Error sending password reset email when not using confirmable #124
  • Using expired token for parallel calls #123
  • User tokens don't properly deserialize #121
  • Could not load 'omniauth' #118
  • bad argument (expected URI object or URI string) #116
  • devise_token_auth for public API, but devise for rest of app? #114
  • Omniauthable deleted on UsersConcern : Why ? #111
  • Unrequired route #110
  • raises NoMethodError instead of displaying error when email is missing #108
  • Error with RailsAdmin. "The action 'new' could not be found for DeviseTokenAuth::SessionsController" #107
  • Circular dependency detected while autoloading constant Api #106
  • Can't Authenticate via cURL #105
  • Unpermitted parameters: user, registration #104
  • BCrypt::Errors::InvalidSalt errors #103
  • Active job token expiring integration #102
  • The action 'new' could not be found for DeviseTokenAuth::RegistrationsController #100
  • Disable confirmable #99
  • responders - rails 4.2 #98
  • forward skip to devise #97
  • API versioning the devise scope of token validation and ominiauth controller path will wrap up #96
  • Overwriting default "from" email address #94
  • uninitialized constant DeviseTokenAuth #92
  • change_headers_on_each_request not working expiry header empty #90
  • Gem render consistency #87
  • Sample Sessions Controller for logging in via Rails View. #86
  • Change authorization key: Use phone_number instead of email #84
  • Conflict with active_admin gem #83
  • NoMethodError in DeviseTokenAuth::OmniauthCallbacksController#redirect_callbacks #82
  • All the APIs are getting 'Authorized users only' #81
  • Is Devise option Rememberable required ? #80
  • Problem with skip_confirmation! #78
  • Cannot reset password if registered by omniauth #77
  • NoMethodError at /omniauth/facebook/callback - undefined method `[]' for nil:NilClass #76
  • Skipping Registrations Controller Altogether #70
  • Problem in validate_token if the model is in a namespace #69
  • Cannot send confirmation email if there is no 'User' model #68
  • Better guidelines for contributors #65
  • admin namespace #63
  • Devise trackable module not working #62
  • Devise_token_auth without OmniAuth authentication #60
  • Reset Password error #59
  • Confirmable - unconfirmed email #58
  • Email Column Isn't Used for Database Authentication #56
  • Unique Key for Provider and UID Combination #55
  • User Info in separate table or removed #53
  • rename @user to @resource #48
  • Active_admin issue #47
  • Possible Logout Issue #46
  • Routes not appended to routes.rb #45
  • Return resource.errors.full_messages in addition to resource.errors #44
  • Devise and Devise_Token_Auth in api namespace #43
  • Trackable attributes are not being updated. #42
  • Avoid using respond_to in application controller #41
  • devise_token_auth assumes you want the :confirmable functionality #40
  • undefined method `match' for nil:NilClass #39
  • Expired token aren't removed when session expires #38
  • sign_up helper #37
  • self.tokens[client_id]['token'] != token #30
  • How is the uid generated for non-omniauth users? #29
  • Access to current_user variable? #28
  • Filter chain halted as :require_no_authentication #27
  • Allow additional parameters for registration #25
  • Cannot add more parameters at sign_up #22
  • Error on Registration #21
  • Error with authentication #20
  • Cascade of Issues with Omniauth(?) #18
  • Batch Requests Respond with Original Auth Token #17
  • Sign out with email provider error #16
  • sessions_controller.rb #12
  • Github login in example is broken #10
  • Facebook auth is broken #9
  • Generator is not working #8
  • Test ticket from Code Climate #6
  • Test ticket from Code Climate #5
  • extending the devise_token_auth user model #4
  • A few ideas #3
  • Google Oauth2 does not set cookies in production. #1

Merged pull requests:

* This Change Log was automatically generated by github_changelog_generator

* This Change Log was automatically generated by github_changelog_generator

* This Change Log was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator