Add a note about APIs in token authenticatable, closes #1959

2022-11-09 12:18:31 -05:00 · 2012-07-23 16:12:38 +02:00 · 2012-07-23 16:12:38 +02:00 · 1da8490dbc
commit 1da8490dbc
parent 6e79c5c242
2 changed files with 13 additions and 1 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@ -1,6 +1,6 @@
 * enhancement
  * Default minimum password length is now 8 (by @carlosgaldino).
-  * Confirmable now has a confirm_within option to set a period when the confirmation token is still valid (by @promisedlandt)
+  * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt)

 * bug fix
  * Fix a regression introduced on warden 1.2.1 (by @ejfinneran)
--- a/lib/devise/models/token_authenticatable.rb
+++ b/lib/devise/models/token_authenticatable.rb
@ -18,6 +18,18 @@ module Devise
    # If you want to delete the token after it is used, you can do so in the
    # after_token_authentication callback.
    #
+    # == APIs
+    #
+    # If you are using token authentication with APIs and using trackable. Every
+    # request will be considered as a new sign in (since there is no session in
+    # APIs). You can disable this by creating a before filter as follow:
+    #
+    #   before_filter :skip_trackable
+    #
+    #   def skip_trackable
+    #     request.env['devise.skip_trackable'] = true
+    #   end
+    #
    # == Options
    #
    # TokenAuthenticatable adds the following options to devise_for: