devise_token_auth: A few refreshes after login gives me a blank access token and expiry, logging me out

When posting issues, please include the following information to speed up the troubleshooting process:

Using redux-token-auth which autorefreshes the token on validateCredentials. Seems to mostly work fine until an invalid response.

  • Request and response headers: these can be found in the “Network” tab of your browser’s web inspector.

First one:

Request URL:http://localhost:3000/api/auth/validate_token?access-token=JP7aoQJ0JCy50ksfdsF42Q&client=A72aCNAduLuSDjx0rGTVTA&uid=myemail@gmail.com
Request Method:GET
Status Code:200 OK
Remote Address:127.0.0.1:3000
Referrer Policy:no-referrer-when-downgrade
Response Headers
access-token:Hlc_RCopM1QX9a0NWegU3A
Cache-Control:max-age=0, private, must-revalidate
client:A72aCNAduLuSDjx0rGTVTA
Content-Type:application/json; charset=utf-8
ETag:W/"93ce4582abd43b223155086735015a04"
expiry:1525370698

Second one:

Request URL:http://localhost:3000/api/auth/validate_token?access-token=Hlc_RCopM1QX9a0NWegU3A&client=A72aCNAduLuSDjx0rGTVTA&uid=myemail@gmail.com
Request Method:GET
Status Code:200 OK
Remote Address:127.0.0.1:3000
Referrer Policy:no-referrer-when-downgrade
Response Headers
access-token:
Cache-Control:max-age=0, private, must-revalidate
client:A72aCNAduLuSDjx0rGTVTA
Content-Type:application/json; charset=utf-8
ETag:W/"93ce4582abd43b223155086735015a04"
expiry:
  • Rails Stacktrace: this can be found in the log/development.log of your API.

n/a

  • Environmental Info: How is your application different from the reference implementation? This may include (but is not limited to) the following details:
    • Routes: are you using some crazy namespace, scope, or constraint?

No

  • Gems: are you using MongoDB, Grape, RailsApi, ActiveAdmin, etc.?

Nothing unusual

n/a

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 2
  • Comments: 15 (3 by maintainers)

Most upvoted comments

A blank access-token means that the token has not changed. You can still send the same token at the next request. That’s all.

If it is logging you out, that’s something that you should fix in your frontend, which should consider that you can still consider your last token as the current one.
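
The frontend handling described in the comment above, as an added example that is not part of the original thread and not redux-token-auth's own code: a blank `access-token` or `expiry` header leaves the stored credentials untouched. The function names, the credential object shape, the starting expiry and the late-response check are assumptions of this example.

```javascript
// Added example, not redux-token-auth code. mergeAuthHeaders and the
// credential object shape are assumptions of this example.
function normalize(headers) {
  // Accept a plain object or a fetch Headers / Map (forEach(value, key)).
  const out = {};
  const put = (value, key) => { out[String(key).toLowerCase()] = String(value ?? '').trim(); };
  if (typeof headers.forEach === 'function') headers.forEach(put);
  else Object.entries(headers).forEach(([key, value]) => put(value, key));
  return out;
}

function mergeAuthHeaders(current, responseHeaders) {
  const h = normalize(responseHeaders);
  const token = h['access-token'] || '';
  const expiry = h['expiry'] || '';
  // Blank access-token or expiry: the token has not changed, keep the last one.
  if (token === '' || expiry === '') return current;
  // Assumption of this example: a response carrying an older expiry than the
  // stored one arrived late and must not overwrite the newer token.
  if (current && Number(expiry) < Number(current.expiry)) return current;
  return {
    'access-token': token,
    client: h['client'] || (current && current.client),
    expiry,
    uid: h['uid'] || (current && current.uid),
  };
}

// Replays the two responses from the issue. The starting expiry is a
// constructed value; the tokens, client and uid are the ones shown above.
function replayIssueResponses() {
  let creds = {
    'access-token': 'JP7aoQJ0JCy50ksfdsF42Q',
    client: 'A72aCNAduLuSDjx0rGTVTA',
    expiry: '1525370000', // constructed
    uid: 'myemail@gmail.com',
  };
  const first = { 'access-token': 'Hlc_RCopM1QX9a0NWegU3A', client: 'A72aCNAduLuSDjx0rGTVTA', expiry: '1525370698' };
  const second = { 'access-token': '', client: 'A72aCNAduLuSDjx0rGTVTA', expiry: '' };
  creds = mergeAuthHeaders(creds, first);
  creds = mergeAuthHeaders(creds, second);
  return creds;
}
```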

I just spent a whole day debugging this issue. It would be great to add this to the docs.

@lightninglu10 I didn’t have time to go in-depth so I just added a 1 second delay on all page loads before rendering the stuff inside the router, it seems to have done the trick

Spent a decent amount of time debugging this as well. It should be added to the doc.

and the subsequent requests in the batch will not return a token. That’s said in https://devise-token-auth.gitbook.io/devise-token-auth/conceptual

But should we set the default of change_headers_on_each_request to false? Because it’s causing more trouble and confusion when enabled.

Hey @ludazhao, in config/initializers/devise_token_auth.rb just stick

  config.change_headers_on_each_request = false

I think you won’t be able to get the refresh token, so after 2 weeks, or however long your auth session lasts, your user will be logged out, but at least they’ll be logged in for 2 weeks.