devise-jwt: Authorization header is not being returned

I’m scratching my head with this one and have seen people have had similar issues. I’m wondering if this doesn’t work if you have Devise custom controllers. Here is my code (I’ve omitted some details for brevity):

config/initializers/devise.rb

config.jwt do |jwt|
  jwt.secret = 'c6977142e3d968eb45a955b89b095f55cc8e2640e159682d6a49bfe3c0c2a937a6f4420a181e962dd0cb64233b93756ad34fd6dc8a311d2045b5c06bcbc828e6'
  jwt.request_formats = {
    landlord: [:json],
  }
  jwt.dispatch_requests = [
    ['POST', %r{^/api/lanlords/sign_in.json$}]
  ]
end

config/routes.rb

devise_for :landlords, defaults: { format: :json }, :controllers => {:sessions => "landlords/sessions"},
:path => '/api/landlords'

config/application.rb

class Application < Rails::Application
  config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins "localhost:3000", "127.0.0.1:3000", "*"
      resource "*",
        :headers => :any,
        :expose  => [
          "X-Requested-With",
          "Content-Type",
          "Authorization",
          "Accept",
          "Client-Security-Token",
          "Accept-Encoding",
          "iat",
          "exp",
          "jti"
        ],
        :methods => [:get, :post, :options, :delete, :put, :head]
    end
  end
end

gemfile

gem 'devise'
gem 'devise-jwt', '~> 0.3.0'

request

[screenshot of the request, 2017-08-31 07:23:10]

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 25 (10 by maintainers)

Most upvoted comments

@russellvaughan Mine worked after I set dispatch_requests and revocation_requests in config/initializers/devise.rb

  config.jwt do |jwt|
    jwt.secret = ENV['DEVISE_JWT_SECRET_KEY']
    jwt.request_formats = {
      landlord: [nil, :json]
    }
    jwt.dispatch_requests = [
      ['POST', %r{^/api/v1/login([.]json)?$}]
    ]
    jwt.revocation_requests = [
      ['POST', %r{^/api/v1/logout([.]json)?$}]
    ]
  end

@farverio I’m afraid covering each individual workflow a user could follow when installing it is impossible. The README tries to follow a complete workflow where, of course, you may have to ignore something (like jwt_payload in your case). You have a lot more information about revocation strategies further down the file. Docs are far from stopping setup instructions in gem install line. Of course, as always, PRs improving anything, also the documentation, are more than welcome.

Might not be related to the original problem, but when this happened to me I realized I forgot the sign_in method in my custom login action. I got the Authorization header when I added it back in.

@russellvaughan Mine worked after I set dispatch_requests and revocation_requests in config/initializers/devise.rb

  config.jwt do |jwt|
    jwt.secret = ENV['DEVISE_JWT_SECRET_KEY']
    jwt.request_formats = {
      landlord: [nil, :json]
    }
    jwt.dispatch_requests = [
      ['POST', %r{^/api/v1/login([.]json)?$}]
    ]
    jwt.revocation_requests = [
      ['POST', %r{^/api/v1/logout([.]json)?$}]
    ]
  end

This also worked for me after 2 days of head bangs

I was running into a similar issue upon user registration. I wasn’t using any custom paths or controllers or anything. The issue ended up being that I wasn’t actually signing the user in after registration since they were confirmable. Pretty dumb on my part, but adding config.allow_unconfirmed_access_for = 1.hour in devise.rb resolved that issue.

That may or may not be helpful to anyone else, but figured I’d add where I went wrong.

Haha. Yes, definitely restarting (but always worth checking!). I am getting a successful sign in (so 200s with user info in the body).

I’m not too sure where to go with this one!

Does everything look correct in my details? Any other logging I can do?

If you configure dispatch_requests regexp to end with .json and, at the same time, configure request_formats as :json, it means that the matched URL will be *.json.json. Just remove dispatch_requests configuration, as it is automatically configured for a regular sign in, and it should work.
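A way to check dispatch_requests patterns offline before restarting the app, as an added example that is not part of the original thread or of devise-jwt: it runs the pattern posted in the question, and a suffix-optional pattern modelled on the most upvoted comment, against constructed request paths. It assumes a rule applies when the HTTP method is equal and the regexp matches the request path; `dispatches?`, `report`, the constant names and the sample requests are hypothetical.

```ruby
# Added example (not from the thread): which requests would a
# dispatch_requests list match?
# Assumption: a rule applies when the method is equal and the regexp
# matches the request path.

# Pattern exactly as posted in the question's config/initializers/devise.rb.
QUESTION_RULES = [['POST', %r{^/api/lanlords/sign_in.json$}]].freeze

# Constructed: the suffix-optional shape from the most upvoted comment,
# applied to the route path from the question's config/routes.rb.
SUFFIX_OPTIONAL_RULES = [['POST', %r{^/api/landlords/sign_in([.]json)?$}]].freeze

# Constructed sample requests.
SAMPLE_REQUESTS = [
  ['POST', '/api/landlords/sign_in'],
  ['POST', '/api/landlords/sign_in.json'],
  ['GET',  '/api/landlords/sign_in.json'],
  ['POST', '/api/landlords/sign_in.json.json'],
  ['POST', '/api/lanlords/sign_in.json']
].freeze

# True when at least one [method, regexp] rule matches the request.
def dispatches?(rules, method, path)
  rules.any? { |verb, pattern| verb == method && pattern.match?(path) }
end

# One [method, path, matched] row per sample request.
def report(rules, requests)
  requests.map { |method, path| [method, path, dispatches?(rules, method, path)] }
end

if __FILE__ == $PROGRAM_NAME
  { 'as posted' => QUESTION_RULES,
    'suffix optional' => SUFFIX_OPTIONAL_RULES }.each do |label, rules|
    puts "#{label}:"
    report(rules, SAMPLE_REQUESTS).each do |method, path, matched|
      puts format('  %-5s %-36s %s', method, path, matched ? 'match' : 'no match')
    end
  end
end
```

Any sign-in request that shows "no match" here would not be covered by that rule, so the rule list can be compared against the paths the client actually calls.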