Getting Started With Rails Devise Token Auth


Hello! 👋 Recently I had to use Rails devise_token_auth at work, so for my future self, and hopefully for you the reader, I will show how you can implement it easily. 😃

First we need to actually create the project.

Initializing The Project

Creating a new project is easy with the rails command:

rails new devise_auth_token

Once the command is finished, enter your newly created project, open up the "Gemfile" and add the following two required gems:

gem "devise"
gem "devise_token_auth"

Save the file and then run the following command to install both of the gems:

bundle install

Next we also need to run the install generators for both gems. This can be done via the following commands:

rails g devise:install
rails g devise_token_auth:install User auth

Finally we need to migrate the database, which can be done via:

rails db:migrate

Done! 😆 Next we need to configure the devise plugins.

Configuring Devise

Now that we have installed devise we next need to change some of the settings.

Open up config/initializers/devise_token_auth.rb and add the following line:

config.change_headers_on_each_request = false

If you want the headers to change after every request, set the above to "true". For testing purposes I have changed it to false, but you may want to change the headers on each request for added security.

Next open up app/controllers/application_controller.rb and add the following:

protect_from_forgery unless: -> { request.format.json? }

Since we don't use sessions and authenticate with our own tokens instead, we don't really need forgery protection for JSON requests. But I recommend you don't set the above if you plan on using session management.

Next create a new controller to test out authentication. This can be done with the following command:

rails g controller game

This should create a new "GameController". Open up the new GameController and add the following:

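class GameController < ApplicationController
  # Reject any request that does not carry valid token headers
  before_action :authenticate_user!

  def index
    # "render nothing: true" was removed in Rails 5.1; render the index view
    # (app/views/game/index.html.erb) explicitly instead
    render :index, status: :ok
  end
end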

Adding "authenticate_user!" means the user will need to actually sign in before accessing the contents.

Next create a new directory "app/views/game", and create a new "index.html.erb" file with the following contents:


Simple I know. Next we need to configure the route to access this which can be done by adding the following to "config/routes.rb":

resources :game, only: [:index]

Make sure to include the "only" option. If it is left out, Rails will add a bunch of redundant routes to your project, which is not desired.

Done! Now we can finally test it out! 😎

Testing The Implementation

Finally we get to test the implementation! 😄

The following command allows you to register a user:

curl localhost:3000/auth -X POST -d '{"email": "", "password": "password", "password_confirmation": "password"}' -H "content-type:application/json"

The next command allows you to sign in as a user and will give you the authentication headers.

curl localhost:3000/auth/sign_in -i -X POST -d '{"email": "", "password": "password"}' -H "content-type:application/json"

Finally we can access the Game view via the following command (please note your headers will be different):

curl localhost:3000/game -H "access-token: rvb5ZQTOu8QNv7K9cSGSdA" -H "client: RkgM3tLEWiUOcfwrJWiCSg" -H "uid:"

The response should give the HTML file. Also, if you change any of the headers to something incorrect you should get a 401 "please sign in" response. 😸
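The curl flow above (sign in, then replay access-token, client and uid), written as a small client-side helper that also copes with change_headers_on_each_request set to true. This is an added example, not code from the original post: the AuthHeaders class, its method names and the sample responses are constructed for illustration, and treating a blank access-token as "no change" is an assumption.

```ruby
# Added example, not code from the original post.
class AuthHeaders
  # The three headers the post replays in its final curl command.
  REPLAYED = %w[access-token client uid].freeze

  def initialize
    @current = {}
  end

  # Parse the header section of raw `curl -i` output into a Hash keyed by
  # lower-cased header name (HTTP header names are case-insensitive).
  def self.parse(raw)
    head = raw.split(/\r?\n\r?\n/, 2).first.to_s
    head.lines.drop(1).each_with_object({}) do |line, h|
      name, value = line.split(":", 2)
      h[name.strip.downcase] = value.strip if value
    end
  end

  # Store credentials from a response. When change_headers_on_each_request
  # is true the access-token differs on each response; a missing or blank
  # header (assumption: treated as "no change") keeps the previous value.
  def update(raw_response)
    headers = self.class.parse(raw_response)
    REPLAYED.each do |name|
      value = headers[name]
      @current[name] = value unless value.nil? || value.empty?
    end
    self
  end

  def complete?
    REPLAYED.all? { |name| @current.key?(name) }
  end

  # Headers for the next authenticated request, e.g. GET /game.
  def to_h
    raise "not signed in: auth headers incomplete" unless complete?
    @current.dup
  end
end

# Constructed responses: token values reuse the post's curl example,
# the uid and the rotated token are placeholders.
SIGN_IN = "HTTP/1.1 200 OK\r\nAccess-Token: rvb5ZQTOu8QNv7K9cSGSdA\r\n" \
          "Client: RkgM3tLEWiUOcfwrJWiCSg\r\nUid: user@example.test\r\n\r\n{}"
ROTATED = "HTTP/1.1 200 OK\r\naccess-token: ROTATED-PLACEHOLDER\r\n\r\n<html>"
BLANK   = "HTTP/1.1 200 OK\r\naccess-token:  \r\n\r\n<html>"
```

Call update with every response, not just the sign-in one, so a rotated access-token is never replayed after the server has replaced it.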

Feel free to use this in your project.


Here I have shown how you can implement devise token auth into a new Rails project. It was a lot easier than I expected, but I decided to write it down for future me and hopefully this post has helped you. 😺

As always you can find the sample code at my Github:
