Authlogic and Single Access Token

I am having a hard time finding a simple tutorial on how to enable single access token authentication using authlogic. There is some documentation but it isn't very helpful.

I added single_access_token to my db, I added this:

  single_access_allowed_request_types :any

to my Session class, but I still don't understand how a user is authenticated using the credentials param that is passed over every call. My require_authentication before filter does a standard check for current_user like this:

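  # Memoize the Authlogic session lookup for this request.
  def current_session
    return @current_session if @current_session
    @current_session = Session.find
  end

  # The user record attached to the session, or nil when there is none.
  def current_user
    @current_user = current_session && current_session.record
  end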

But is that enough to work? Does the Session.find method do the magic to log the user in based on my params, or do I have to create a separate method that actually checks if the user_credentials param is there, then finds the user based on it, and then logs that user in? I am confused about whether I really am "creating" a new session every time I use a SAT or if I'm just setting the current user in a before filter every time an API call is made.

Any help would be amazing! Thanks!


  • I implemented a single_access_token solution with authlogic and what I had to do was add single_access_allowed_request_types :all to the UserSession model.

    Then I added the following to the controller where I wanted to allow single_access_token authentication.

      def single_access_allowed?

    It looks like you're missing the controller code. So if you had two actions "get_user_info" and "update_user_info" you would add.

      def single_access_allowed?
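How the two settings discussed above interact, as an added example that is not code from the post or from Authlogic: a plain-Ruby model in which the token in the `user_credentials` param is honoured only when the controller's `single_access_allowed?` hook or the session's allowed request types permit it. The class names, the helper methods, the token value and the assumption that the controller hook takes precedence over the request-type setting are all assumptions of this sketch.

```ruby
# Plain-Ruby model of the decision; it does not load Authlogic or Rails.
# Everything except single_access_allowed? and the user_credentials param
# name is hypothetical. USERS_BY_TOKEN is constructed sample data.
USERS_BY_TOKEN = { "tok-constructed-123" => "alice" }.freeze

# Stand-in for a controller with no single_access_allowed? hook.
PlainController = Struct.new(:action_name, :params, :content_type)

# Stand-in for a controller that defines the hook from the answer and
# allowlists only the two actions it names.
class ApiController < PlainController
  SINGLE_ACCESS_ACTIONS = %w[get_user_info update_user_info].freeze

  def single_access_allowed?
    SINGLE_ACCESS_ACTIONS.include?(action_name)
  end
end

# Is token authentication honoured for this request at all?
# Assumption: the controller hook, when defined, wins over the
# session-level request-type setting.
def token_auth_enabled?(controller, allowed_types)
  return false if controller.params["user_credentials"].to_s.empty?
  if controller.respond_to?(:single_access_allowed?)
    return controller.single_access_allowed? ? true : false
  end

  case allowed_types
  when Array
    allowed_types.include?(:all) || allowed_types.include?(controller.content_type)
  else
    %i[all any].include?(allowed_types)
  end
end

# Resolve the user for one request; the token is re-checked on every call.
def user_for_request(controller, allowed_types)
  return nil unless token_auth_enabled?(controller, allowed_types)

  USERS_BY_TOKEN[controller.params["user_credentials"]]
end
```

Keeping the allowlist in the controller hook limits where a token that leaks through a URL or log line can be used, even when the session model is set to `:all`.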