Change Log

v1.2.3 (2023-11-13)

Full Changelog

Merged pull requests:

Fix Rails version comparison #1614 (santib)
Fix registration spec failure #1613 (MaicolBen)
Fixes 'redirect_options' addition for 'redirect_to' in confirmations #1612 (kaekasui)
Faker safe_email -> email #1607 (hatsu38)
Support for writing style deprecated in 7.1 and removed in 7.2 #1606 (hatsu38)
Bump to 1.2.2 #1602 (MaicolBen)

v1.2.2 (2023-06-11)

Full Changelog

Closed issues:

keep getting a 401 on overriden create devise #1598
Method sign_in called with incorrect paramenters #1585
Release latest version, there are too many fixes in the master waiting to be released #1560
NoMethodError: undefined method `downcase' for nil:NilClass #1540
Confirming an already confirmed user -- still not quite working. #1123
Email confirmation route #1110

Merged pull requests:

Don't leak information about the existence of accounts in SessionsController #1600 (moritzhoeppner)
Update faker requirement from ~> 2.16 to ~> 3.2 #1593 (dependabot[bot])
Update mongoid-locker requirement from ~> 1.0 to ~> 2.0 #1592 (dependabot[bot])
dependencies/dependabot configuration #1590 (jotolo)
Remove sprockets #1589 (MaicolBen)
update/test configuration Rails7 and mongoid7 #1588 (jotolo)
brakeman vulnaribility UnsafeReflection. #1587 (ryanfox1985)
Method sign_in with wrong parameters #1586 (lazaronixon)
update/Ruby 3.x and Rails 7.0 #1584 (jotolo)
Add support for ruby 3 & fix test suite #1582 (MaicolBen)
chore: add vanilla-token-auth to client list #1578 (theblang)
🐛 Not update cookies when is a batch request #1577 (djpremier)
Revert "Fix unpermitted parameters warning" #1571 (MaicolBen)
Fixed vulnerabilities #1569 (ryanfox1985)
Fix unpermitted parameters warning #1568 (remy727)
Remove bearer token if cookie_enabled is true #1567 (rhiroshi)
Update initializer template #1564 (djpremier)
Allow omniauth redirect post method #1563 (florindiconescu)
Avoid raising a RoutingError when confirming a user twice #1557 (micred)

v1.2.1 (2022-09-10)

Full Changelog

Closed issues:

registrations controller. tokens only for authenticated #1553
Rails 7 support #1552
Not working with any version of Rails 6 and 7 #1551
Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes #<Psych::SyntaxError #1548
undefined local variable or method `cookies' for #<Api::MesController:0x00007f93aa1cb9f8> #1538
Rails 7 support? #1533
Request: #1526
Rails 7 Issue #1523
Bearer Token Usage #1522
Got "ActionDispatch::Request::Session::DisabledSessionError" #1521
Travis CI migration or alternatives #1518
Update dependency to support Rails 7.0.0.rc1 #1515
Devise, devise_auth_token and activeadmin with 2 different models - Controller error #1512
Paranoid mode still returning a distinguishable 404 responses #1510
Invalid client with google-oauth2 #1499
Concurrency issue? #1497
Doesn't seem to follow Bearer Token authorization spec...? #1487
Can we have a new version released? #1483
Token invalidation after canceled request by the frontend app #1232
FrozenError (can't modify frozen Hash) #1151
Password Reset Links Invalidated After Being Clicked #1141
Authorization Request Header Field? #902
jsonb token #841

Merged pull requests:

add redirect_to options for rails7 allow_other_host #1599 (ihatov08)
Update changelog #1555 (MaicolBen)
Add custom uid reference #1554 (florindiconescu)
Update ja.yml #1550 (RaziAhmad123)
Fixed ja.yml because CI failed. #1547 (hatsu38)
Translate the unlocks, confirmations message into Japanese #1544 (hatsu38)
Set cookie token immediately in reset password and OmniAuth success flows #1542 (theblang)
Added 'Authorization' header with bearer token #1534 (rhiroshi)
add previous\_token #1520 (sudhanshug16)
Migrate to GitHub Actions #1519 (enomotodev)
Support Rails 7.0 #1517 (enomotodev)
[bugfix] omniauth: handle POST action redirects #1509 (lynndylanhurley)
Fix the doc missing configure devise mail sender #1504 (hsonthach)
Fix callback if migrations fails #1502 (thooams)
wrap creation and save of token in a transaction #1498 (pascalbetz)
Increase required ruby version to 2.3 #1495 (mcelicalderon)
Turn email validation process into class method #1494 (muratiger)
Update faq.md #1493 (SUMAR7)

v1.2.0 (2021-07-19)

Full Changelog

Implemented enhancements:

Paranoid mode is non existent #1100
Add paranoid mode #1378 (luisalima)

Closed issues:

DeviseTokenAuth::Errors::InvalidModel #1485
How not to update the headers when the api server returns a response with an error status #1476
Does not install on Rails 6.1 and Ruby 2.7, fresh install #1475
Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated #1474
@token not assigned prior to delete/destory #1465
Installing devise_token_auth on MacOS, rails conflict #1458
Deprecation warning connection\_config is deprecated and will be removed from Rails 6.2 when using Rails 6.1 #1451
Trying to integrate with devise-multi_email #1421
Rails email change not send confirmation emaill #1338

Merged pull requests:

Fix Paranoid Status Codes #1524 (keithdoggett)
Bump version to 1.2.0 #1492 (MaicolBen)
Fix unescape and keyword parameters warning #1490 (muratiger)
check password changed only when using password authentication #1486 (qiuyin)
Add new param FAQ #1481 (muratiger)
fix mongoid detecting bug #1478 (qiuyin)
replace deprecated constant BLACKLIST_FOR_SERIALIZATION #1473 (prashant-kiwi)
Workaround for cc-test-reporter with SimpleCov 0.18 #1472 (enomotodev)
Fix mongo setup in travis #1471 (MaicolBen)
Use the same behavior than the deprecated URI.escape #1470 (MaicolBen)
Replace URI::escape which was removed in Ruby 3 #1468 (alea12)
Update connection_config to connection_db_config #1467 (melnik0v)
Fix docs/config/initialization.md #1464 (yoshitsugu)
Fix omniauth version until devise fixes omniauth requirement #1463 (MaicolBen)
Add support for sending and receiving the auth token via a server cookie #1453 (theblang)
Fix critical error on registration with confirmation mode #1447 (pnghai)

v1.1.5 (2020-12-08)

Full Changelog

Closed issues:

Update dependency to support Rails 6.1/6.1.0.rc1 #1443
undefined method `tokens' for #<Hash: #1442
Wrong tokens after server restarts? #1430
ConfirmationsController#show - undefined method `rails51?' for Devise:Module #1429
Persisting sessions with Warden #1426
Active_Admin and devise_auth_token #1424
Rails51? method is dropped from devise gem #1411
Rails 6.0.3.1 generate error #1409
Does this integrate with devise? #1408
Email and Password Can't be blank #1405
Release new version? #1403
Generator is not compatible with Rails 6 #1400
Add some tags to this project? #1399
After sign in, any access-token is valid with correct client #1394
Gitbook docs table too wide #1383
set_request_start overrides token set by earlier current_user call #1370
override authenticate_user! error response method #1369
Check how long an existing token is going to last #1357
Why is Trackable option still active? #1356
Force users to reset passwords on the first logins #1354
undefined local variable or method `resource_name' #1352
Rails 6.1 DEPRECATION WARNING: Uniqueness validator case sensitivity #1345
NoMethodError (undefined method `saved_change_to_attribute?' with Mongoid #1335
Sessions POST being forwarded to GET and returning 405 #1294
How do I obtain a token using omniauth-saml ? #960

Merged pull requests:

Enable rails 6.1 #1446 (MaicolBen)
Add email validation errors via add #1445 (artplan1)
not work alongside standard Devise for class with namespace, use mapping directly as scope #1440 (islue)
Add mssing methods to Controller Overrides Docs #1437 (dominikdarnel)
make DTA respect controller overrides it doesn't know about #1435 (akatz)
Remove unnecessary require_relative the file should be autoloaded #1433 (jprosevear)
feat(Route): Accept override #1432 (plribeiro3000)
Enhancement: remove unnecessary statement in destroy session #1431 (martinjaimem)
chore(deps): remove Sprockets requirement #1428 (booleanbetrayal)
Serialize updated at without to s #1423 (MaicolBen)
missing space in migration generator #1422 (ngouy)
Avoid nullyfing token when current_user is called before #1417 (MaicolBen)
Avoid failing on undefined variable for invalid record #1416 (MaicolBen)
Fix parent class name generator for rails 6 #1414 (MaicolBen)
Reduce config variables doc table width #1413 (MaicolBen)
Fix crash on devise 4.7.2+ #1412 (pnghai)
Ignore sync uid in case confirmable mail changed #1407 (pnghai)
Bump version to 1.1.4 #1406 (MaicolBen)
Memorize current_#{group_name} to avoid error #722 (Charlie-Hua)

v1.1.4 (2020-06-02)

Full Changelog

Closed issues:

possible to disable the self-registration endpoint? #1402
Axios formatting and Rails controller validation? #1380
NoMethodError (undefined method `client' for "<token>":String) #1375
mation_instruction #1373
Unpermitted parameter :session when signing in using javascript fetch #1361
How do i authenticate with graphql-ruby? #1360
Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable #1013

Merged pull requests:

Update faq.md #1439 (sizief)
Update faq.md #1401 (mdjamal)
Update assign_provider_attrs to strip 'name' field #1398 (SpLouk)
Fix grammar #1396 (arku)
[Refactor] fixed "not_email" setting in ja.yml #1395 (eitches)
CI build fix: Pin to pry < 0.13 for 2.3 support, workaround CodeClimate reporter issue #1393 (olleolleolle)
Fix broken link #1392 (dlederle)
Fix: Save user authentication token after email confirmation #1391 (gabrielbursztein2)
Fix token-type header key in testing example docs #1390 (goalaleo)
Issue - 1358 Argument error when converting token updated_at using to… #1388 (saichander17)
Validate that token is valid for patch request last token #1386 (ahmedmagdy711)
Fix docs/usage/reset_password.md #1382 (K-Sato1995)
Fix missing polish and portugese missing translation errors #1377 (woochaq)
[Documentation] write complete path for authentication_test_spec.rb #1376 (cprodhomme)
Add case sensitive option required to prevent deprecation warning in … #1368 (niciliketo)
Add rails 6.0 config to travis #1366 (brateq)
Add docs for confirmation endpoint #1365 (brateq)
Remove Trackable option from generator #1362 (SugiKent)
Please merge again #1350 (exocode)
Fix dead link #1349 (tegandbiscuits)
detect Mongoid (till Mongoid will implement it) #1348 (exocode)
feat(oauth-apple): support Sign in with Apple as a documented OmniAuth provider #1347 (booleanbetrayal)
Add Korean locale #1346 (ghost)
doc: remove duplicated test case on ./docs/usage/testing.md #1344 (miyataka)
Fix to be able to use Devise::confirmable module #1343 (makicamel)
repeat any query params after a fragment #1341 (colmben)

Change Log

Unreleased

Full Changelog

Merged pull requests:

Fix Rails version comparison #1614 (santib)
Fix registration spec failure #1613 (MaicolBen)
Fixes 'redirect_options' addition for 'redirect_to' in confirmations #1612 (kaekasui)
Faker safe_email -> email #1607 (hatsu38)
Support for writing style deprecated in 7.1 and removed in 7.2 #1606 (hatsu38)
Bump to 1.2.2 #1602 (MaicolBen)

v1.2.2 (2023-06-11)

Full Changelog

Closed issues:

keep getting a 401 on overriden create devise #1598
Method sign_in called with incorrect paramenters #1585
Release latest version, there are too many fixes in the master waiting to be released #1560
NoMethodError: undefined method `downcase' for nil:NilClass #1540
Confirming an already confirmed user -- still not quite working. #1123
Email confirmation route #1110

Merged pull requests:

Drop support for ruby 2.4 #1601 (MaicolBen)
Don't leak information about the existence of accounts in SessionsController #1600 (moritzhoeppner)
add redirect_to options for rails7 allow_other_host #1599 (ihatov08)
Update faker requirement from ~> 2.16 to ~> 3.2 #1593 (dependabot[bot])
Update mongoid-locker requirement from ~> 1.0 to ~> 2.0 #1592 (dependabot[bot])
dependencies/dependabot configuration #1590 (jotolo)
Remove sprockets #1589 (MaicolBen)
update/test configuration Rails7 and mongoid7 #1588 (jotolo)
brakeman vulnaribility UnsafeReflection. #1587 (ryanfox1985)
Method sign_in with wrong parameters #1586 (lazaronixon)
update/Ruby 3.x and Rails 7.0 #1584 (jotolo)
Add support for ruby 3 & fix test suite #1582 (MaicolBen)
chore: add vanilla-token-auth to client list #1578 (theblang)
🐛 Not update cookies when is a batch request #1577 (djpremier)
Revert "Fix unpermitted parameters warning" #1571 (MaicolBen)
Fixed vulnerabilities #1569 (ryanfox1985)
Fix unpermitted parameters warning #1568 (remy727)
Update initializer template #1564 (djpremier)
Allow omniauth redirect post method #1563 (florindiconescu)
Avoid raising a RoutingError when confirming a user twice #1557 (micred)
Add custom uid reference #1554 (florindiconescu)

v1.2.1 (2022-09-10)

Full Changelog

Closed issues:

registrations controller. tokens only for authenticated #1553
Rails 7 support #1552
Not working with any version of Rails 6 and 7 #1551
Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes #<Psych::SyntaxError #1548
undefined local variable or method `cookies' for #<Api::MesController:0x00007f93aa1cb9f8> #1538
Rails 7 support? #1533
Request: #1526
Rails 7 Issue #1523
Bearer Token Usage #1522
Got "ActionDispatch::Request::Session::DisabledSessionError" #1521
Travis CI migration or alternatives #1518
Update dependency to support Rails 7.0.0.rc1 #1515
Devise, devise_auth_token and activeadmin with 2 different models - Controller error #1512
Paranoid mode still returning a distinguishable 404 responses #1510
Invalid client with google-oauth2 #1499
Concurrency issue? #1497
Doesn't seem to follow Bearer Token authorization spec...? #1487
Can we have a new version released? #1483
Token invalidation after canceled request by the frontend app #1232
FrozenError (can't modify frozen Hash) #1151
Password Reset Links Invalidated After Being Clicked #1141
Authorization Request Header Field? #902
jsonb token #841

Merged pull requests:

Remove bearer token if cookie_enabled is true #1567 (rhiroshi)
Update changelog #1555 (MaicolBen)
Update ja.yml #1550 (RaziAhmad123)
Fixed ja.yml because CI failed. #1547 (hatsu38)
Translate the unlocks, confirmations message into Japanese #1544 (hatsu38)
Set cookie token immediately in reset password and OmniAuth success flows #1542 (theblang)
Added 'Authorization' header with bearer token #1534 (rhiroshi)
Fix Paranoid Status Codes #1524 (keithdoggett)
add previous\_token #1520 (sudhanshug16)
Migrate to GitHub Actions #1519 (enomotodev)
Support Rails 7.0 #1517 (enomotodev)
[bugfix] omniauth: handle POST action redirects #1509 (lynndylanhurley)
Fix the doc missing configure devise mail sender #1504 (hsonthach)
Fix callback if migrations fails #1502 (thooams)
wrap creation and save of token in a transaction #1498 (pascalbetz)
Increase required ruby version to 2.3 #1495 (mcelicalderon)
Turn email validation process into class method #1494 (muratiger)
Update faq.md #1493 (SUMAR7)

v1.2.0 (2021-07-19)

Full Changelog

Implemented enhancements:

Paranoid mode is non existent #1100

Closed issues:

DeviseTokenAuth::Errors::InvalidModel #1485
How not to update the headers when the api server returns a response with an error status #1476
Does not install on Rails 6.1 and Ruby 2.7, fresh install #1475
Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated #1474
@token not assigned prior to delete/destory #1465
Installing devise_token_auth on MacOS, rails conflict #1458
Deprecation warning connection\_config is deprecated and will be removed from Rails 6.2 when using Rails 6.1 #1451
Trying to integrate with devise-multi_email #1421
Rails email change not send confirmation emaill #1338

Merged pull requests:

Bump version to 1.2.0 #1492 (MaicolBen)
Fix unescape and keyword parameters warning #1490 (muratiger)
check password changed only when using password authentication #1486 (qiuyin)
Add new param FAQ #1481 (muratiger)
fix mongoid detecting bug #1478 (qiuyin)
replace deprecated constant BLACKLIST_FOR_SERIALIZATION #1473 (prashant-kiwi)
Workaround for cc-test-reporter with SimpleCov 0.18 #1472 (enomotodev)
Fix mongo setup in travis #1471 (MaicolBen)
Use the same behavior than the deprecated URI.escape #1470 (MaicolBen)
Replace URI::escape which was removed in Ruby 3 #1468 (alea12)
Update connection_config to connection_db_config #1467 (melnik0v)
Fix docs/config/initialization.md #1464 (yoshitsugu)
Fix omniauth version until devise fixes omniauth requirement #1463 (MaicolBen)
Add support for sending and receiving the auth token via a server cookie #1453 (theblang)
Ignore sync uid in case confirmable mail changed #1407 (pnghai)

v1.1.5 (2020-12-08)

Full Changelog

Closed issues:

Update dependency to support Rails 6.1/6.1.0.rc1 #1443
undefined method `tokens' for #<Hash: #1442
Wrong tokens after server restarts? #1430
ConfirmationsController#show - undefined method `rails51?' for Devise:Module #1429
Persisting sessions with Warden #1426
Active_Admin and devise_auth_token #1424
Rails51? method is dropped from devise gem #1411
Rails 6.0.3.1 generate error #1409
Does this integrate with devise? #1408
Email and Password Can't be blank #1405
Release new version? #1403
Generator is not compatible with Rails 6 #1400
Add some tags to this project? #1399
After sign in, any access-token is valid with correct client #1394
Gitbook docs table too wide #1383
set_request_start overrides token set by earlier current_user call #1370
override authenticate_user! error response method #1369
Check how long an existing token is going to last #1357
Why is Trackable option still active? #1356
Force users to reset passwords on the first logins #1354
undefined local variable or method `resource_name' #1352
Rails 6.1 DEPRECATION WARNING: Uniqueness validator case sensitivity #1345
NoMethodError (undefined method `saved_change_to_attribute?' with Mongoid #1335
Sessions POST being forwarded to GET and returning 405 #1294
How do I obtain a token using omniauth-saml ? #960

Merged pull requests:

Fix critical error on registration with confirmation mode #1447 (pnghai)
Enable rails 6.1 #1446 (MaicolBen)
Add email validation errors via add #1445 (artplan1)
not work alongside standard Devise for class with namespace, use mapping directly as scope #1440 (islue)
Update faq.md #1439 (sizief)
Add mssing methods to Controller Overrides Docs #1437 (dominikdarnel)
make DTA respect controller overrides it doesn't know about #1435 (akatz)
Remove unnecessary require_relative the file should be autoloaded #1433 (jprosevear)
feat(Route): Accept override #1432 (plribeiro3000)
chore(deps): remove Sprockets requirement #1428 (booleanbetrayal)
Serialize updated at without to s #1423 (MaicolBen)
missing space in migration generator #1422 (ngouy)
Avoid nullyfing token when current_user is called before #1417 (MaicolBen)
Avoid failing on undefined variable for invalid record #1416 (MaicolBen)
Fix parent class name generator for rails 6 #1414 (MaicolBen)
Reduce config variables doc table width #1413 (MaicolBen)
Fix crash on devise 4.7.2+ #1412 (pnghai)
Bump version to 1.1.4 #1406 (MaicolBen)
Memorize current_#{group_name} to avoid error #722 (Charlie-Hua)

v1.1.4 (2020-06-02)

Full Changelog

Implemented enhancements:

Add paranoid mode #1378 (luisalima)

Closed issues:

possible to disable the self-registration endpoint? #1402
Axios formatting and Rails controller validation? #1380
NoMethodError (undefined method `client' for "<token>":String) #1375
mation_instruction #1373
Unpermitted parameter :session when signing in using javascript fetch #1361
How do i authenticate with graphql-ruby? #1360
Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable #1013

Merged pull requests:

Enhancement: remove unnecessary statement in destroy session #1431 (martinjaimem)
Update faq.md #1401 (mdjamal)
Update assign_provider_attrs to strip 'name' field #1398 (SpLouk)
Fix grammar #1396 (arku)
[Refactor] fixed "not_email" setting in ja.yml #1395 (eitches)
CI build fix: Pin to pry < 0.13 for 2.3 support, workaround CodeClimate reporter issue #1393 (olleolleolle)
Fix broken link #1392 (dlederle)
Fix: Save user authentication token after email confirmation #1391 (gabrielbursztein2)
Fix token-type header key in testing example docs #1390 (goalaleo)
Issue - 1358 Argument error when converting token updated_at using to… #1388 (saichander17)
Validate that token is valid for patch request last token #1386 (ahmedmagdy711)
Fix docs/usage/reset_password.md #1382 (K-Sato1995)
Fix missing polish and portugese missing translation errors #1377 (woochaq)
[Documentation] write complete path for authentication_test_spec.rb #1376 (cprodhomme)
Add case sensitive option required to prevent deprecation warning in … #1368 (niciliketo)
Add rails 6.0 config to travis #1366 (brateq)
Add docs for confirmation endpoint #1365 (brateq)
Remove Trackable option from generator #1362 (SugiKent)
Please merge again #1350 (exocode)
Fix dead link #1349 (tegandbiscuits)
detect Mongoid (till Mongoid will implement it) #1348 (exocode)
feat(oauth-apple): support Sign in with Apple as a documented OmniAuth provider #1347 (booleanbetrayal)
Add Korean locale #1346 (ghost)
doc: remove duplicated test case on ./docs/usage/testing.md #1344 (miyataka)
Fix to be able to use Devise::confirmable module #1343 (makicamel)
repeat any query params after a fragment #1341 (colmben)
CI: Use ruby 2.4.7 #1337 (olleolleolle)

Change Log

v1.2.2 (2023-06-11)

Full Changelog

Closed issues:

keep getting a 401 on overriden create devise #1598
Method sign_in called with incorrect paramenters #1585
Release latest version, there are too many fixes in the master waiting to be released #1560
NoMethodError: undefined method `downcase' for nil:NilClass #1540
Confirming an already confirmed user -- still not quite working. #1123
Email confirmation route #1110

Merged pull requests:

Drop support for ruby 2.4 #1601 (MaicolBen)
Don't leak information about the existence of accounts in SessionsController #1600 (moritzhoeppner)
add redirect_to options for rails7 allow_other_host #1599 (ihatov08)
Update faker requirement from ~> 2.16 to ~> 3.2 #1593 (dependabot[bot])
Update mongoid-locker requirement from ~> 1.0 to ~> 2.0 #1592 (dependabot[bot])
dependencies/dependabot configuration #1590 (jotolo)
Remove sprockets #1589 (MaicolBen)
update/test configuration Rails7 and mongoid7 #1588 (jotolo)
brakeman vulnaribility UnsafeReflection. #1587 (ryanfox1985)
Method sign_in with wrong parameters #1586 (lazaronixon)
update/Ruby 3.x and Rails 7.0 #1584 (jotolo)
Add support for ruby 3 & fix test suite #1582 (MaicolBen)
chore: add vanilla-token-auth to client list #1578 (theblang)
🐛 Not update cookies when is a batch request #1577 (djpremier)
Revert "Fix unpermitted parameters warning" #1571 (MaicolBen)
Fixed vulnerabilities #1569 (ryanfox1985)
Remove bearer token if cookie_enabled is true #1567 (rhiroshi)
Update initializer template #1564 (djpremier)
Allow omniauth redirect post method #1563 (florindiconescu)
Avoid raising a RoutingError when confirming a user twice #1557 (micred)
Added 'Authorization' header with bearer token #1534 (rhiroshi)

v1.2.1 (2022-09-10)

Full Changelog

Closed issues:

registrations controller. tokens only for authenticated #1553
Rails 7 support #1552
Not working with any version of Rails 6 and 7 #1551
Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes #<Psych::SyntaxError #1548
undefined local variable or method `cookies' for #<Api::MesController:0x00007f93aa1cb9f8> #1538
Rails 7 support? #1533
Request: #1526
Rails 7 Issue #1523
Bearer Token Usage #1522
Got "ActionDispatch::Request::Session::DisabledSessionError" #1521
Travis CI migration or alternatives #1518
Update dependency to support Rails 7.0.0.rc1 #1515
Devise, devise_auth_token and activeadmin with 2 different models - Controller error #1512
Paranoid mode still returning a distinguishable 404 responses #1510
Invalid client with google-oauth2 #1499
Concurrency issue? #1497
Doesn't seem to follow Bearer Token authorization spec...? #1487
Can we have a new version released? #1483
Token invalidation after canceled request by the frontend app #1232
FrozenError (can't modify frozen Hash) #1151
Password Reset Links Invalidated After Being Clicked #1141
Authorization Request Header Field? #902
jsonb token #841

Merged pull requests:

Fix unpermitted parameters warning #1568 (remy727)
Update changelog #1555 (MaicolBen)
Add custom uid reference #1554 (florindiconescu)
Update ja.yml #1550 (RaziAhmad123)
Fixed ja.yml because CI failed. #1547 (hatsu38)
Translate the unlocks, confirmations message into Japanese #1544 (hatsu38)
Set cookie token immediately in reset password and OmniAuth success flows #1542 (theblang)
Fix Paranoid Status Codes #1524 (keithdoggett)
add previous\_token #1520 (sudhanshu16)
Migrate to GitHub Actions #1519 (enomotodev)
Support Rails 7.0 #1517 (enomotodev)
[bugfix] omniauth: handle POST action redirects #1509 (lynndylanhurley)
Fix the doc missing configure devise mail sender #1504 (hsonthach)
Fix callback if migrations fails #1502 (thooams)
wrap creation and save of token in a transaction #1498 (pascalbetz)
Increase required ruby version to 2.3 #1495 (mcelicalderon)
Turn email validation process into class method #1494 (muratiger)
Update faq.md #1493 (SUMAR7)

v1.2.0 (2021-07-19)

Full Changelog

Implemented enhancements:

Paranoid mode is non existent #1100
Add paranoid mode #1378 (luisalima)

Closed issues:

DeviseTokenAuth::Errors::InvalidModel #1485
How not to update the headers when the api server returns a response with an error status #1476
Does not install on Rails 6.1 and Ruby 2.7, fresh install #1475
Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated #1474
@token not assigned prior to delete/destory #1465
Installing devise_token_auth on MacOS, rails conflict #1458
Deprecation warning connection\_config is deprecated and will be removed from Rails 6.2 when using Rails 6.1 #1451
Trying to integrate with devise-multi_email #1421
Rails email change not send confirmation emaill #1338

Merged pull requests:

Bump version to 1.2.0 #1492 (MaicolBen)
Fix unescape and keyword parameters warning #1490 (muratiger)
check password changed only when using password authentication #1486 (qiuyin)
Add new param FAQ #1481 (muratiger)
fix mongoid detecting bug #1478 (qiuyin)
replace deprecated constant BLACKLIST_FOR_SERIALIZATION #1473 (prashant-kiwi)
Workaround for cc-test-reporter with SimpleCov 0.18 #1472 (enomotodev)
Fix mongo setup in travis #1471 (MaicolBen)
Use the same behavior than the deprecated URI.escape #1470 (MaicolBen)
Replace URI::escape which was removed in Ruby 3 #1468 (alea12)
Update connection_config to connection_db_config #1467 (melnik0v)
Fix docs/config/initialization.md #1464 (yoshitsugu)
Fix omniauth version until devise fixes omniauth requirement #1463 (MaicolBen)
Add support for sending and receiving the auth token via a server cookie #1453 (theblang)
Fix critical error on registration with confirmation mode #1447 (pnghai)

v1.1.5 (2020-12-08)

Full Changelog

Closed issues:

Update dependency to support Rails 6.1/6.1.0.rc1 #1443
undefined method `tokens' for #<Hash: #1442
Wrong tokens after server restarts? #1430
ConfirmationsController#show - undefined method `rails51?' for Devise:Module #1429
Persisting sessions with Warden #1426
Active_Admin and devise_auth_token #1424
Rails51? method is dropped from devise gem #1411
Rails 6.0.3.1 generate error #1409
Does this integrate with devise? #1408
Email and Password Can't be blank #1405
Release new version? #1403
Generator is not compatible with Rails 6 #1400
Add some tags to this project? #1399
After sign in, any access-token is valid with correct client #1394
Gitbook docs table too wide #1383
set_request_start overrides token set by earlier current_user call #1370
override authenticate_user! error response method #1369
Check how long an existing token is going to last #1357
Why is Trackable option still active? #1356
Force users to reset passwords on the first logins #1354
undefined local variable or method `resource_name' #1352
Rails 6.1 DEPRECATION WARNING: Uniqueness validator case sensitivity #1345
NoMethodError (undefined method `saved_change_to_attribute?' with Mongoid #1335
Sessions POST being forwarded to GET and returning 405 #1294
How do I obtain a token using omniauth-saml ? #960

Merged pull requests:

Enable rails 6.1 #1446 (MaicolBen)
Add email validation errors via add #1445 (artplan1)
not work alongside standard Devise for class with namespace, use mapping directly as scope #1440 (islue)
Update faq.md #1439 (sizief)
Add mssing methods to Controller Overrides Docs #1437 (dominikdarnel)
make DTA respect controller overrides it doesn't know about #1435 (akatz)
Remove unnecessary require_relative the file should be autoloaded #1433 (jprosevear)
feat(Route): Accept override #1432 (plribeiro3000)
Enhancement: remove unnecessary statement in destroy session #1431 (martinjaimem)
chore(deps): remove Sprockets requirement #1428 (booleanbetrayal)
Serialize updated at without to s #1423 (MaicolBen)
missing space in migration generator #1422 (ngouy)
Avoid nullyfing token when current_user is called before #1417 (MaicolBen)
Avoid failing on undefined variable for invalid record #1416 (MaicolBen)
Fix parent class name generator for rails 6 #1414 (MaicolBen)
Reduce config variables doc table width #1413 (MaicolBen)
Fix crash on devise 4.7.2+ #1412 (pnghai)
Ignore sync uid in case confirmable mail changed #1407 (pnghai)
Bump version to 1.1.4 #1406 (MaicolBen)
Memorize current_#{group_name} to avoid error #722 (Charlie-Hua)

v1.1.4 (2020-06-02)

Full Changelog

Closed issues:

possible to disable the self-registration endpoint? #1402
Axios formatting and Rails controller validation? #1380
NoMethodError (undefined method `client' for "<token>":String) #1375
mation_instruction #1373
Unpermitted parameter :session when signing in using javascript fetch #1361
How do i authenticate with graphql-ruby? #1360
Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable #1013

Merged pull requests:

Update faq.md #1401 (mdjamal)
Update assign_provider_attrs to strip 'name' field #1398 (SpLouk)
Fix grammar #1396 (arku)
[Refactor] fixed "not_email" setting in ja.yml #1395 (eitches)
CI build fix: Pin to pry < 0.13 for 2.3 support, workaround CodeClimate reporter issue #1393 (olleolleolle)
Fix broken link #1392 (dlederle)
Fix: Save user authentication token after email confirmation #1391 (gabrielbursztein2)
Fix token-type header key in testing example docs #1390 (goalaleo)
Issue - 1358 Argument error when converting token updated_at using to… #1388 (saichander17)
Validate that token is valid for patch request last token #1386 (ahmedmagdy711)
Fix docs/usage/reset_password.md #1382 (K-Sato1995)
Fix missing polish and portugese missing translation errors #1377 (woochaq)
[Documentation] write complete path for authentication_test_spec.rb #1376 (cprodhomme)
Add case sensitive option required to prevent deprecation warning in … #1368 (niciliketo)
Add rails 6.0 config to travis #1366 (brateq)
Add docs for confirmation endpoint #1365 (brateq)
Remove Trackable option from generator #1362 (SugiKent)
Please merge again #1350 (exocode)
detect Mongoid (till Mongoid will implement it) #1348 (exocode)
feat(oauth-apple): support Sign in with Apple as a documented OmniAuth provider #1347 (booleanbetrayal)
Add Korean locale #1346 (ghost)
doc: remove duplicated test case on ./docs/usage/testing.md #1344 (miyataka)
Fix to be able to use Devise::confirmable module #1343 (makicamel)
repeat any query params after a fragment #1341 (colmben)

Change Log

Unreleased

Full Changelog

Closed issues:

registrations controller. tokens only for authenticated #1553
Rails 7 support #1552
Not working with any version of Rails 6 and 7 #1551
Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes #<Psych::SyntaxError #1548
undefined local variable or method `cookies' for #<Api::MesController:0x00007f93aa1cb9f8> #1538
Request: #1526
Rails 7 Issue #1523
Bearer Token Usage #1522
Got "ActionDispatch::Request::Session::DisabledSessionError" #1521
Travis CI migration or alternatives #1518
Update dependency to support Rails 7.0.0.rc1 #1515
Devise, devise_auth_token and activeadmin with 2 different models - Controller error #1512
Paranoid mode still returning a distinguishable 404 responses #1510
Invalid client with google-oauth2 #1499
Concurrency issue? #1497
Doesn't seem to follow Bearer Token authorization spec...? #1487
Can we have a new version released? #1483
Token invalidation after canceled request by the frontend app #1232
FrozenError (can't modify frozen Hash) #1151
Password Reset Links Invalidated After Being Clicked #1141
Authorization Request Header Field? #902
jsonb token #841

Merged pull requests:

Add custom uid reference #1554 (florindiconescu)
Update ja.yml #1550 (RaziAhmad123)
Fixed ja.yml because CI failed. #1547 (hatsu38)
Translate the unlocks, confirmations message into Japanese #1544 (hatsu38)
Set cookie token immediately in reset password and OmniAuth success flows #1542 (theblang)
Added 'Authorization' header with bearer token #1534 (rhiroshi)
Fix Paranoid Status Codes #1524 (keithdoggett)
add previous\_token #1520 (sudhanshu16)
Migrate to GitHub Actions #1519 (enomotodev)
Support Rails 7.0 #1517 (enomotodev)
[bugfix] omniauth: handle POST action redirects #1509 (lynndylanhurley)
Fix the doc missing configure devise mail sender #1504 (hsonthach)
Fix callback if migrations fails #1502 (thooams)
wrap creation and save of token in a transaction #1498 (pascalbetz)
Increase required ruby version to 2.3 #1495 (mcelicalderon)
Turn email validation process into class method #1494 (muratiger)
Update faq.md #1493 (SUMAR7)

v1.2.0 (2021-07-19)

Full Changelog

Implemented enhancements:

Paranoid mode is non existent #1100
Add paranoid mode #1378 (luisalima)

Closed issues:

DeviseTokenAuth::Errors::InvalidModel #1485
How not to update the headers when the api server returns a response with an error status #1476
Does not install on Rails 6.1 and Ruby 2.7, fresh install #1475
Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated #1474
@token not assigned prior to delete/destory #1465
Installing devise_token_auth on MacOS, rails conflict #1458
Deprecation warning connection\_config is deprecated and will be removed from Rails 6.2 when using Rails 6.1 #1451
Trying to integrate with devise-multi_email #1421
Rails email change not send confirmation emaill #1338

Merged pull requests:

Bump version to 1.2.0 #1492 (MaicolBen)
Fix unescape and keyword parameters warning #1490 (muratiger)
check password changed only when using password authentication #1486 (qiuyin)
Add new param FAQ #1481 (muratiger)
fix mongoid detecting bug #1478 (qiuyin)
replace deprecated constant BLACKLIST_FOR_SERIALIZATION #1473 (prashant-kiwi)
Workaround for cc-test-reporter with SimpleCov 0.18 #1472 (enomotodev)
Fix mongo setup in travis #1471 (MaicolBen)
Use the same behavior than the deprecated URI.escape #1470 (MaicolBen)
Replace URI::escape which was removed in Ruby 3 #1468 (alea12)
Update connection_config to connection_db_config #1467 (melnik0v)
Fix docs/config/initialization.md #1464 (yoshitsugu)
Fix omniauth version until devise fixes omniauth requirement #1463 (MaicolBen)
Add support for sending and receiving the auth token via a server cookie #1453 (theblang)
Fix critical error on registration with confirmation mode #1447 (pnghai)

v1.1.5 (2020-12-08)

Full Changelog

Closed issues:

Update dependency to support Rails 6.1/6.1.0.rc1 #1443
undefined method `tokens' for #<Hash: #1442
Wrong tokens after server restarts? #1430
ConfirmationsController#show - undefined method `rails51?' for Devise:Module #1429
Persisting sessions with Warden #1426
Active_Admin and devise_auth_token #1424
Rails51? method is dropped from devise gem #1411
Rails 6.0.3.1 generate error #1409
Does this integrate with devise? #1408
Email and Password Can't be blank #1405
Release new version? #1403
Generator is not compatible with Rails 6 #1400
Add some tags to this project? #1399
After sign in, any access-token is valid with correct client #1394
Gitbook docs table too wide #1383
set_request_start overrides token set by earlier current_user call #1370
override authenticate_user! error response method #1369
Check how long an existing token is going to last #1357
Why is Trackable option still active? #1356
Force users to reset passwords on the first logins #1354
undefined local variable or method `resource_name' #1352
Rails 6.1 DEPRECATION WARNING: Uniqueness validator case sensitivity #1345
NoMethodError (undefined method `saved_change_to_attribute?' with Mongoid #1335
Sessions POST being forwarded to GET and returning 405 #1294
How do I obtain a token using omniauth-saml ? #960

Merged pull requests:

Enable rails 6.1 #1446 (MaicolBen)
Add email validation errors via add #1445 (artplan1)
not work alongside standard Devise for class with namespace, use mapping directly as scope #1440 (islue)
Update faq.md #1439 (sizief)
Add mssing methods to Controller Overrides Docs #1437 (dominikdarnel)
make DTA respect controller overrides it doesn't know about #1435 (akatz)
Remove unnecessary require_relative the file should be autoloaded #1433 (jprosevear)
feat(Route): Accept override #1432 (plribeiro3000)
Enhancement: remove unnecessary statement in destroy session #1431 (martinjaimem)
chore(deps): remove Sprockets requirement #1428 (booleanbetrayal)
Serialize updated at without to s #1423 (MaicolBen)
missing space in migration generator #1422 (ngouy)
Avoid nullyfing token when current_user is called before #1417 (MaicolBen)
Avoid failing on undefined variable for invalid record #1416 (MaicolBen)
Fix parent class name generator for rails 6 #1414 (MaicolBen)
Reduce config variables doc table width #1413 (MaicolBen)
Fix crash on devise 4.7.2+ #1412 (pnghai)
Ignore sync uid in case confirmable mail changed #1407 (pnghai)
Bump version to 1.1.4 #1406 (MaicolBen)
Memorize current_#{group_name} to avoid error #722 (Charlie-Hua)

v1.1.4 (2020-06-02)

Full Changelog

Closed issues:

possible to disable the self-registration endpoint? #1402
Axios formatting and Rails controller validation? #1380
NoMethodError (undefined method `client' for "<token>":String) #1375
mation_instruction #1373
Unpermitted parameter :session when signing in using javascript fetch #1361
How do i authenticate with graphql-ruby? #1360
Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable #1013

Merged pull requests:

Update faq.md #1401 (mdjamal)
Update assign_provider_attrs to strip 'name' field #1398 (SpLouk)
Fix grammar #1396 (arku)
[Refactor] fixed "not_email" setting in ja.yml #1395 (eitches)
CI build fix: Pin to pry < 0.13 for 2.3 support, workaround CodeClimate reporter issue #1393 (olleolleolle)
Fix broken link #1392 (dlederle)
Fix: Save user authentication token after email confirmation #1391 (gabrielbursztein2)
Fix token-type header key in testing example docs #1390 (goalaleo)
Issue - 1358 Argument error when converting token updated_at using to… #1388 (saichander17)
Validate that token is valid for patch request last token #1386 (ahmedmagdy711)
Fix docs/usage/reset_password.md #1382 (K-Sato1995)
Fix missing polish and portugese missing translation errors #1377 (woochaq)
[Documentation] write complete path for authentication_test_spec.rb #1376 (cprodhomme)
Add case sensitive option required to prevent deprecation warning in … #1368 (niciliketo)
Add rails 6.0 config to travis #1366 (brateq)
Add docs for confirmation endpoint #1365 (brateq)
Remove Trackable option from generator #1362 (SugiKent)
Please merge again #1350 (exocode)
Fix dead link #1349 (tegandbiscuits)
detect Mongoid (till Mongoid will implement it) #1348 (exocode)
feat(oauth-apple): support Sign in with Apple as a documented OmniAuth provider #1347 (booleanbetrayal)
Add Korean locale #1346 (ghost)
doc: remove duplicated test case on ./docs/usage/testing.md #1344 (miyataka)
Fix to be able to use Devise::confirmable module #1343 (makicamel)
repeat any query params after a fragment #1341 (colmben)

Changelog

v1.1.4 (2020-06-02)

Full Changelog

Closed issues:

possible to disable the self-registration endpoint? #1402
Axios formatting and Rails controller validation? #1380
NoMethodError (undefined method `client' for "<token>":String) #1375
mation_instruction #1373
Unpermitted parameter :session when signing in using javascript fetch #1361
How do i authenticate with graphql-ruby? #1360
Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable #1013

Merged pull requests:

Update faq.md #1401 (mdjamal)
Update assign_provider_attrs to strip 'name' field #1398 (SpLouk)
Fix grammar #1396 (arku)
[Refactor] fixed "not_email" setting in ja.yml #1395 (h-sada)
CI build fix: Pin to pry < 0.13 for 2.3 support, workaround CodeClimate reporter issue #1393 (olleolleolle)
Fix broken link #1392 (dlederle)
Fix: Save user authentication token after email confirmation #1391 (gabrielbursztein2)
Fix token-type header key in testing example docs #1390 (goalaleo)
Issue - 1358 Argument error when converting token updated_at using to… #1388 (saichander17)
Validate that token is valid for patch request last token #1386 (ahmedmagdy711)
Fix docs/usage/reset_password.md #1382 (K-Sato1995)
Fix missing polish and portugese missing translation errors #1377 (woochaq)
[Documentation] write complete path for authentication_test_spec.rb #1376 (cprodhomme)
Add case sensitive option required to prevent deprecation warning in … #1368 (niciliketo)
Add rails 6.0 config to travis #1366 (brateq)
Add docs for confirmation endpoint #1365 (brateq)
Remove Trackable option from generator #1362 (SugiKent)
Please merge again #1350 (exocode)
Fix dead link #1349 (tegandbiscuits)
detect Mongoid (till Mongoid will implement it) #1348 (exocode)
feat(oauth-apple): support Sign in with Apple as a documented OmniAuth provider #1347 (booleanbetrayal)
Add Korean locale #1346 (sdu6342)
doc: remove duplicated test case on ./docs/usage/testing.md #1344 (miyataka)
Fix to be able to use Devise::confirmable module #1343 (makicamel)
repeat any query params after a fragment #1341 (colmben)

Change Log

v1.1.3 (2019-09-26)

Full Changelog

Fixed bugs:

XSS and Open Redirect #1332
fix(omniauth): fix CVE-2019-16751 #1342 (booleanbetrayal)

Closed issues:

Rails 6.0 #1334
CookieOverflow with #1322
Confirmations controller route error not found #1316
render_create_error not called when no json is provided #929

Merged pull requests:

CI: Use ruby 2.4.7 #1337 (olleolleolle)
CI: Use 2.5.6, 2.6.4 #1336 (olleolleolle)
Allow password reset with token alone #1295 (jkeen)

v1.1.2 (2019-08-24)

Full Changelog

Closed issues:

Make compatible with devise 4.7 #1331
Error after upgrade to Rails 6.0.0 #1329
Documentation link on sidebar is incorrect #1325
Unable to create user with mongodb as ORM #1293
Missing user credential in confirmation redirect url querystring #1292

Merged pull requests:

Fix devise version #1333 (laerciosb)
Skip callback when active record #1330 (enomotodev)
Use param-way version of saved_change_to_encrypted_password #1328 (MaicolBen)

v1.1.1 (2019-08-18)

Full Changelog

Closed issues:

I'm noticing that validate token requests are taking a long time - is there any way to turn down the cost in bcrypt for devise token auth so that the validate token requests are faster? #1326
How do I update a user without a token while using Devise token Auth? #1318
How to register with phone number instead of email as default #1313
uninitialized constant DeviseTokenAuth::Concerns in development. #1312
Change how to update existing user migration #1311
Huge performance downgrade from v0.1.43 to v1.1.0 #1301
Cant log in - #<NoMethodError: undefined method `current_sign_in_at' for #<User:0x000055e053c79c58>> #1300
Generate authorization headers without the need for an email and password. #1298
Any way to "become" user? #1291
Can't find documentation, can't omniauth login #1290
undefined method `tokens' for #<Hash:0x00007fe4698ea648> #1288
Possible Phishing Attack Vulnerability #1287
Unable to sign_in even if user confirmation is success #1285
Changelog? #1275
devise_token_auth depends on vulnerable devise version #1273
Database index question #1272
Reset Password Must Be Done in 5 Seconds #1265
How do I use the gem with Mongoid? [ANSWERED] #1263
devise_token_auth is not working in rails 6 ruby 2.6 #1259
undefined method '[]' for nil:NilClass when confirming email #1224
Unable to sign_out a user that is being deleted which causes 404 as devise_token_auth attempts to find to create headers. #1205
API Does Not Use Api_Controller #887
Use issue for "real" issue with the gem, and stackoverflow for integration problem #756
User tokens don't properly deserialize #121

Merged pull requests:

Fix token doc links #1327 (MaicolBen)
Confirmations controller rendering methods added #1324 (ilhanadiyaman)
Add mysql & psql service to travis because it isn't by default anymore #1323 (MaicolBen)
Fix "manage the tokens" broken link in FAQ #1320 (brateq)
CI: Use 2.6.3, drop unused directive sudo: false #1317 (olleolleolle)
updates: use update instead of update_attributes #1314 (moray95)
fix(current_user): revert false return in set_user_by_token when token is not present #1306 (booleanbetrayal)
Update changelog #1297 (MaicolBen)
Relax bcrypt version #1296 (MaicolBen)
CI: Update matrix #1277 (olleolleolle)
Skip token_validations route #1271 (yasuman)
Resend confirmation instructions #1267 (lpsBetty)
Tokens serialization #1250 (dks17)
Delete namespece and fix file name change to prevent override behavior of the default email validator #1242 (ihatov08)
Minor updates to docs #1236 (MaicolBen)
new TokenFactory module #1085 (dks17)

Change Log

v1.1.0 (2019-03-18)

Full Changelog

Implemented enhancements:

Mongoid Support #15

Closed issues:

Support Devise 4.6 #1270
Headers remove token when config token_lifespan #1268
Reset Password Flow #1264
How to check Client value is expired or not? #1254
access to current_user not available #1246
subsequents Sign In does not add new tokens and return 401 #1244
Could not find generator 'devise_token_auth:install_mongoid' #1239
undefined method `authenticate_user!' when User class nested in module #1234
I cant acsess to current_user #1231
Update token_lifespan in production remove response headers #1227
Rename uid field to uuid #1225
mysql2 0.4.6 error: use of undeclared identifier 'MYSQL_SECURE_AUTH' #1222
POST with JSON Content-Type: application/json not passing parameters #1221
Password controller : edit does not use default password reset url ? #1219
Mongoid support #1198
ensure_pristine_resource error #1135
codeclimate-test-reporter soon be deprecated #1080
Session Overflow Error #1077

Merged pull requests:

allow devise < 4.7 #1269 (doits)
Update Angular-Token README links #1257 (neroniaky)
create he.yml translation file for Hebrew #1256 (aryehbeitz)
Split up methods in omniauth_callbacks_ctrl for easier extensibility #1251 (nbrustein)
Update appraisals, Travis config, ruby and rails versions #1249 (dks17)
sign in multiple resources #1248 (Hamdan85)
Add tests for passwords#edit when redirect_whitelist is set #1247 (MaicolBen)
Use email_provider? at sync_uid #1243 (ihatov08)
Fixed a reset password message in Japanese locales. #1241 (seigo23)
Allow the use of allow_unconfirmed_access_for for registration #1238 (bananatron)
Scope the EmailValidator to the DeviseTokenAuth module; add Solidus/Spree usage note to faq #1233 (skycocker)
Fix doc link #1230 (Hiromi-Kai)
Use redirect url to edit from initializer as well #1228 (MaicolBen)
Removed ensure pristine error due to not being used #1217 (MaicolBen)
Add Mongoid support #1209 (dks17)
Reset passwords stay valid until the password is reset #1206 (typhoon2099)
Simplifying ConfirmationsController show behavior #1075 (dks17)

v1.0.0 (2018-10-23)

Full Changelog

Closed issues:

If the user is invalid, it doesn't return the tokens in sign in #1160
Upgrading Gem versions #1148

Merged pull requests:

Bump version 1.0.0 #1229 (MaicolBen)

v1.0.0rc2 (2018-09-21)

Full Changelog

Closed issues:

Is uid mandatory for devise token auth to find current user? #1214
Remove uniqueness for email #1213
NameError ActiveRecord::AttributeSet after redeploying #1210
Token is no longer accepted after some time, only with a new "validate token" request #1204
How to share tokens across subdomains using devise-token-auth? #1199
401s after response with new headers fail #1174
A few refreshes after login gives me a blank access token and expiry, logging me out #1147
Extract Registrations Controller logic out to overrideable methods ??? #1143
ConfirmationsController redirection error #1084
Where should I store token? #1005
devise_token_auth initializer breaks omniauth paths #966
default_confirm_success_url fails in initializer #223

Merged pull requests:

Add rails lowest version to gemspec #1212 (masatooba)
Add required_ruby_version #1208 (masatooba)
chore(deps): expand devise to allow < 4.6 #1203 (taneliang)
[da-DK] Improve grammar #1201 (olleolleolle)
Optimize resource valid check after set the headers #1188 (MaicolBen)
Moved to fallback instance variables in set\_user\_by\_token #1166 (twolfson)
confirmation should redirect to default_confirm_success_url by default #1091 (maysam)

v0.2.0 (2018-08-10)

Full Changelog

Merged pull requests:

Revert #703 "Always set header in batch mode" #1161 (MaicolBen)

v1.0.0rc1 (2018-08-10)

Full Changelog

Implemented enhancements:

Add Rubocop #1124
Add rubocop #1125 (Evan-M)

Fixed bugs:

Fix broken stubbed method expectation #1139 (Evan-M)

Closed issues:

overriding registrations controller with active model serializer. #1194
NameError (undefined local variable or method `provider' for #<User:0x00000005bacd18>): #1187
The email_required? method is not working #1186
Forgotten log files on the dummy test folder - More than a hundred megabytes #1185
undefined method `create_token' for #<User:0x00007f8fa9a25900> Did you mean? created_at #1179
Unpermitted parameter: :registration #1178
Remove Password Validation #1177
Devise Token Auth Postman configuration #1173
Set default provider as "username" instead of "email" #1172
How to implement 2FA? #1171
Skip email confirmation #1170
Multiples Profiles Relationship #1168
request.headers.merge is not work. #1167
How to add another parameter to validate a user? #1162
Getting undefined method make\_response! for overridden Devise controller class #1158
cant sigh_in on my custom controller #1150
Mocha/minitest issue in test_helper.rb #1149
How could send the access-token and other credentials ? #1146
How to override concern #1145
Support for find_for_database_authentication #1138
Breaking tests / travis builds - Mocha gem was updated. #1137
How solve undefined method `allow_password_change' while changing user password ? #1136
Email case_insensitive with soulda matchers #1133
Clear ActiveRecord::AttributeMethods::Dirty Deprecated Methods #1131
Password/Edit route not working #1127
Automatic Login after successful email confirmation #1122
Clarification on OAuth Flow #1118
New Bounty: $100 for README Edits/Improvements, issue queue cleanup #1114
Tests on token expiry fail when they're run on the WET time zone #1112
uid is blank upon basic rails 5 api setup, user registration #1111
v0.1.43 causes Missing confirm_success_url parameter error #1108
max_number_of_devices config seems doesn't work! #1107
LoadError: cannot load such file -- omniauth #1105
Token is not generated when login through facebook #1099
Why does update_auth_header need to query the resource for tokens again? #1097
"an error ocurred" when receiving the callback from google #1090
devise omniauth redirect issue after installing devise_token_auth #1088
Simplify the Readme. #1069
Different max_number_of_devices based on devise model #1003
Action Cable and devise token auth #986
Cut a release #972
minor error in README with regard to usage alongside Devise #745
E-mail confirmations sent twice (duplicate emails) #677
Reset Password doesn't getting expired.. #672
What's the reset password flow? #604
Dynamic token lifespan based on user input #580
How to test user authenticated methods via rspec #455
Testing with rspec #75

Merged pull requests:

Modify for missing markdown symbol #1200 (sainuio)
Add Factorybot #1197 (dks17)
feature: handling primary key type in generators #1195 (whois-marvin-42)
README: Drop defunct gemnasium badge #1190 (olleolleolle)
Update contributing.md #1182 (vbrazo)
Add missing SimpleCov configurations #1180 (vbrazo)
Update gitbook docs link #1176 (MaicolBen)
Update FAQ method for using DeviseTokenAuth alongside Devise #1175 (mrkrlli)
Require mocha >= 1.5 #1169 (krzysiek1507)
Test against newest Ruby from line #1163 (krzysiek1507)
Add frozen_string_literal pragma to ruby files #1157 (krzysiek1507)
1143 extract @resource initialization out to a named overrideable method #1144 (Marinlemaignan)
Setup appraisal for rails 4 #1142 (krzysiek1507)
Setup appraisal #1134 (krzysiek1507)
1131 fix deprecation warning for dirty attributes for rails > 5 #1132 (Marinlemaignan)
Rubocop Fixes 2 #1130 (dks17)
Clean readme & move doc #1129 (MaicolBen)
Rubocop Fixes #1126 (dks17)
sv.yml localization #1120 (olleolleolle)
da-DK: fix translation typo (burger!) #1119 (olleolleolle)
Support namespace #1117 (kaevee)
Test against ruby 2.5 #1116 (krzysiek1507)
Max number of devices in new session #1115 (Evan-M)
Refactor uses of time now #1113 (nesteves)
max_number_of_devices should be used in a new session as well #1109 (MaicolBen)
Activating Open Collective #1104 (monkeywithacupcake)

v0.1.43 (2018-03-07)

Full Changelog

Closed issues:

Problems with devise version #1102
user_signed_in? is false after successful sign in #1101
Basic Example with Postman? #1094
No create in confirmations controller? #1093
Does it works with Sequel? #1092
Can't add field for unique validation #1089
No access_token through api when signing in by finding user. #1087
Password Reset Link params without POST /password #1070
Confirmable should not be dependant on trackable #1065
NoMethodError: undefined method `provider' for #<User #1063
Log my user via token and session to share login over 2 app #1062
Error ActionController::RoutingError: No route matches [GET] "/omniauth/pincode" #1058
Support Devise 4.4.0 & Ruby 2.5.0 #1057
Missing acces-token in Response Header #1053
#<IndexError: string not matched> after second sign_in request with postgres #1052
Manual Authentication and Registration #1051
I can not insert name when registering user #1048
NoMethodError: undefined method 'allow_password_change=' #1046
Confirmation flow #1045
undefined local variable or method `flash' for #<Devise::UnlocksController #1043
Easily saving access_token in User model for later 3rd party API access #1041
Error with mailer_sender #1037
NoMethodError (undefined method `valid_token?' for nil:NilClass) #1035
Ukrainian localization #1022
[WORKING] Instructions for Rails 5 API and Google OAuth2 #1020
Reset Password Tokens No Longer Expire #1008
Password Reset: Is it possible to disable returning 404 when user is not found? #987
Fix Warnings in Test Suite Output #976
error in sessions_controller.rb:42 - on sign_in after application restart #941
Working example with omniauth? #937
Duplicate error messages #892
Redirects to https domains break in 1.40 #832
Remove "AND provider='email'" from SQL when login #266
Using Google's Authenticator 2FA Mobile app #172
is devise_invitable supported? (solvable with workaround) #155
current_user and authenticate_user! returns false #74

Merged pull requests:

Further refactor of token creation #1098 (Evan-M)
Return locked out message from sessions controller when resource is locked #1095 (TylerRockwell)
[ci skip ] Improve documentation - add link #1086 (BKSpurgeon)
s/set_user_token/set_user_by_token on comment #1078 (marcpeabody)
Update user template #1071 (dkniffin)
Make confirmable not dependant on trackable #1064 (romankovt)
Refactor token creation #1061 (MaicolBen)
chore(deps): expand devise to allow < 4.5 #1056 (Tom-Tom)
Separate error messages for missing vs invalid email #1055 (pjungwir)
Remove verbose warnings in test output #1049 (asartalo)
Translate into Vietnamese #1044 (minhthuan274)
Fix polish translations #1042 (sbadura)
Update devise configuration for :database_authenticatable #1040 (dks17)
Improve registrations controller and add downloads badge in Readme #1039 (MaicolBen)
#155 fix authenticate_#{mapping} definition #1036 (salmanasiddiqui)
add redux-token-auth to README.md #1033 (FunkyloverOne)
Fix bypass_sign_in broken tests #1030 (MaicolBen)
Remove params that are not being used in resource params #1029 (MaicolBen)
Honor strip_whitespace_keys from devise config #1028 (nerfologist)
Reset password token test fix2 #1026 (dks17)
Added ukrainian locale #1023 (Dimkarodinz)
Issue 803 fixed indentation #1021 (Blitzkev)
Restore reset password tokens behavior #1017 (dks17)
Check if recoverable is enabled in case allow_password_change is used #995 (MaicolBen)
Remove save tokens in build auth header #994 (MaicolBen)
Refactor render error #989 (MaicolBen)
bypass_sign_in setting (re-created) #911 (Borzik)

v0.1.43.beta1 (2017-11-13)

Full Changelog

Closed issues:

Return a authentication token #1015
API is not using defined ApiController but rather ApplicationController #1014
TypeError (can't dump hash with default proc) #1012
Namespaces and overriding default mailer templates #1011
Cant login after signing in via oauth #1010
Omniauth with devise token auth #1007
Not returning headers on error #1002
Hardcoded resource.provider in RegistrationsController? #997
Confirmation URL query parameters don't match header counterparts #993
Gem clashing #991
Sign in, Sign out not working #982
access token always expires in one minute #980
How to customize Omniauth payload #974
How do Create user's roles. #963
Why does a confirm_success_url column appear in some of the test migrations? #959
Readme "Usage TL;DR" section - add confirm_success_url to required params? #955
ar #954
how to get first name and last name of user #953
Model for nested attributes not being saved #952
Can not have multiple model #950
NoMethodError when current_user is called #947
How to manually send the confirmation email (e.g. after User.create in Rails console)? #946
Make DeviseAuthToken inherits my API base Controller? #945
Missing auth headers in response to validate_token #944
tokens_match? issue #942
Not send email notification when email changed ? #940
Token generation fails when user has incomplete data that is mandatory #938
Is there a way to prevent persisting the same token to user table when in batch mode? #934
Token expires too soon #933
Seeing other users data on logout and login #932
token authentication not working on production #931
Getting 'uninitialized constant ActionDispatch::Routing::Mapper::Scope (NameError)' with rails 3 #930
How do I include User relationships to response after authenticate #928
Can't unlock account through email link in lockable #927
accidental issue #926
Can't verify CSRF token authenticity on PUT request only #924
Reset password url no host #923
In batch mode tokens are unnecessarily stored for every request although unchanged #922
current_user not available during authorization #921
Resend confirmation email #920
Change Authentication Keys #919
Devise Set User By Token Is Clashing with Normal Devise Helpers #917
XSS (javascript execution vulnerability) #916
Using the Generator Without Capitalizing Model Name #912
undefined method `authenticate_user!' when want to version my api #908
RuntimeError in DeviseTokenAuth::OmniauthCallbacksController#omniauth_success on google_oauth2 login #907
JSON API status? #906
Filter chain halted as :authenticate_user! rendered or redirected #905
Completed 422 Unprocessable Entity [Rails 5 API only, React with J-Toker] #904
API authentication. Method not allowed 405. Use POST /sign_in to sign in. GET is not supported. #900
validate_token Works but nothing else... #899
OAuth failure callback error with Google provider #898
Registration Name attribute is not stored #897
The action 'edit' could not be found for DeviseTokenAuth::RegistrationsController #896
Change provider when sessions controller #893
Overriding render_create_success does not obey serializer option (AMS) #890
How can i get access-token with omniauth on React Native app #889
Forgot Password flow with JSON responses #888
unknown attribute 'expiry' for User. #886
Email Regex causing Issue - not synced with Devise email RegEx #885
undefined method `[]=' for nil:NilClass due to missing client_id #881
Return parent with sign in data? #880
json-hyper-schema for devise_token_auth #879
validate_token works on local web server, but not remote? #873
getting random "Authorized users only." when uploading multiple files at once. #862
Caching causing an issue #861
How to authenticate user using username using this gem ? #859
Segmentation Fault is raising while trying to send emails. #857
How to Restrict Access to a Single Client? #854
NoMethodError (undefined method `new_session_path' for #<Devise::OmniauthCallbacksController:0x0000000630f628>) #853
Token based authentication with LDAP only #850
Insecure session created with reset password link #848
Swagger / Yard Docs #846
NoMethodError: undefined method `[]=' for nil:NilClass in unit test #839
No resource_class found #838
How to Custom Mailer ? #837
Password gets updated but current password is still invalid. #836
CookieOverflow on namespaced controllers #835
no registration routes when used with devise #834
Incompatibility with shoulda in email uniqueness #833
No HTML for omniauth_external_window view in Rails 5 API #830
DeviseTokenAuth::TokenValidationsController#validate_token returns 401 unauthorized. #829
Console warning #828
omniauth-facebook authentication with an Angular 2 front end application. #827
uid is similar to email #825
Use POST to sign in. GET is not supported. #823
Invalid login credentials. Please try again. #822
Devise redirecting Web request to the Token JSON API #821
Wrong model mapped for token_validation #820
Banning a user #817
Sometimes very frequently, sometimes very randomly - 401 Unauthorized. #813
The confirmation email is not send with the standard devise support #812
Securing headers on client side #809
Impersonate user #802
Can't use JBuilder templates when overriding rendering methods #801
I18n broken (e.g. :already_in_use) #799
very unstable gem full of bugs !! #795
CORS answers 404 always #794
Authorized Users Only on iOS client #792
user_signed_in? doesn't returning access_token after few continuous call to it !!! #791
302 found when I try to redirect to "/devise_token_auth/sessions#create" #790
Initializer default_password_reset_url not working. #789
Gem querying database twice for authenticating user #788
No authentication headers when using Single Table Inheritance on my User model #783
Can't migrate database after 'rails g devise_token_auth:install User auth' #781
Diferent tokens from devise and devise_token_auth some times get in conflict... #780
LinkedIn SignIn #778
Rails engine (api only) - undefined method `mount_devise_token_auth_for' for #<ActionDispatch::Routing::Mapper: #777
multiple congratulation emails #774
Set up a new API application controller not working? #773
Explicitly do not invalidate token #772
Prevent user from sharing account #770
I'am not able to serialize user #769
Could not find generator 'devise_token_auth:install' #768
Soft deletion #766
QUESTION: tokens field in database #763
Current user from channel. #760
devise_token_auth with LDAP? #759
Passing block to for strong parameters breaks code #758
API authentication: Use POST /sign_in to sign in. GET is not supported. #754
Integration help #753
undefined method `tokens' upon signing up #752
resource name for scoped mounting #748
Signing in with Mongoid 6 + Rails 5 causes AuthenticationError #742
Multiple user registration with multiple providers #740
Headers not sent on GET request #739
Best practice for using virtual attributes #738
E-mail update is enabled by default #736
Limit formats allowed to make requests #735
Error in password reset. Password not changed, even though edit returns 200 #732
Using devise_async and sidekiq to send emails asynchronously #727
Separate Devise Token Auth configuration per model #725
No token on response header #721
Massive Cookie Size Leads to Errors #718
401 on sign_in #717
Unable to reconfirm a users email #716
Which is client and access_token #714
Sign_in custom method: how? #711
define_helpers not called at rails launch #708
Always Set Headers in Batch Mode #702
Use with existing User model #701
The inactive_message and active_for_authentication #695
Reset password link not working for the second time #691
How to properly set headers in order to use current_user, authenticate_user! etc methods? #690
Sign Up Permitted Parameters gets Passed but Never saves succesfully to Database #688
Live Demo on heroku crashes #687
Ruby on rails devise_token_auth gem unable to find routes #686
undefined method `[]' for nil:NilClass during omniauth callback #682
client_id resets to default after session_controller#create #680
"Unpermitted parameter: session" issues when action_controller.action_on_unpermitted_parameters is :raise #676
Rails 5 + mongoid + devise_token_auth - undefined method `add_mongoid_support=' for DeviseTokenAuth:Module (NoMethodError) #675
0.1.36 to 0.1.37 Breaks Test Suite #670
Why NOT 'email_required?' is considered? #668
make a separate Apicontroller from Applicationcontroller #667
Devise Omniauth and DeviseTokenAuth Omniauth #666
Seperate view files for different models. #664
Password Reset Link doesn't work #658
[Question] Using in mobile apps (pass reset/libs for major OSes)? #657
confrimable registration token expire #655
Get extra from omniauth-facebook. #647
Ability to change email? #646
headers_names is not defined in 0.1.37 #645
Oauth2 - Android Authentication - one-time-code flow #639
make use of max_number_of_devices on sign_in #637
is possible to use provider and uid columns on the authentications table? #633
undefined method 'render' at devise_token_auth/controllers/helpers.rb #630
Override default routes #628
user_signed_in? VS user.signedIn ? #623
Retrieve from (local) cache first? #622
Update Gem (RubyGem) Not issue #621
Email uniqueness on both email and oauth provider #617
ArgumentError (wrong number of arguments (given 1, expected 0)) #616
exclude devise validatable module? #613
Devise omniauth_path_prefix overriden #610
Override devise token auth response #609
Previous authentication params remain in url after sign out when using OAuth #605
Problem with auth headers and multiple models #602
Re-written URL with token does not work with Angular default routing #599
Rails 5 - Missing template devise_token_auth/registrations/create #598
REST routes #595
Multiple providers per user #594
MongoDB #593
Problem with CORS setup and exposing special headers #591
Password reset allows user to bypass confirmable #590
empty request.env['omniauth.params'] causes exception #586
Getting Error: 'No connection pool for ActiveRecord::Base' when generating the devise_token_auth generator inside an Rails Engine #584
Preventing creation of users in an oauth scenario #583
Extend token lifespan on use? #573
Unable to sign in using LinkedIn #572
Cannot use rake with mount_devise_token_auth_for in routes.rb #570
Provide configuration for token hashing algorithm #560
Using devise_token_auth with devise for one method #559
omiauth-google #558
Use devise_token_auth with facebook iOS login SDK #556
omniauth-facebook login #555
ActionController::RoutingError (No route matches [POST] "/omniauth/steam/callback") #554
get Authorized users only when use devise with devise_token_auth #553
Models other than User not returning auth headers after each request #552
Cannot get ng-token-auth, devise-token-auth and Rails to work for facebook login #551
Yielding Resource to Overriding Controller #548
Confirmation controller does not response with JSON #546
message['redirect-url'] in the reset password email is not set automatically. #545
Failed migration: how to handle existing user db #544
set a no reply email adresse #542
check if user confirmed is account #539
support for multiple client_id #535
Cut some actions? #534
Getting issues with api authentication #529
Error: unknown attribute 'current_password' for User when updating a password #524
Error Response as HTML #522
render_create_success should return 201 code not 200? #516
RuntimeError (can't modify frozen Hash) #515
tokens not being serialized! #495
Sign in from controller #494
Unpermitted Parameters: confirm_success_url, config_name, registration #489
Bundler could not find compatible versions for gem "rails": #488
Does anyone try to link current omniauth account to devise-token-auth account? #487
I want to use a different column for provider instead of defalut "email" #485
@resource.allow_password_change is not persisted across requests #481
Would like to know is there any missing for i18n translation file? #479
Unpermitted paramter: session (401 Unauthorized) for only one particluar user #477
Reading logged user in constraint #475
devise_token_auth is being called when it shouldn't #473
Unable to override sessions controller #471
Support Devise Strong Parameters by Block #464
How to make http header still available when return to oauth call back #461
skip: [:omniauth_callbacks] doesn't work in v0.1.37.beta3 #460
This gem change default omniauth path? #459
Rails 5 compatible? #458
Null email causes NoMethodError (undefined method `downcase!' for nil:NilClass) #457
Cannot send confirmation email when using alongside with standard devise #456
cancancan: load_and_authorize_resources causes method_missing failure #452
example app for api #451
is session store necessary? #449
HTTP Headers not being sent when using as an API from an Android Phone #448
Is it possible to pass token via json? #447
NoMethodError (undefined method enable\_standard\_devise\_support' for DeviseTokenAuth:Module\): app/controllers/devise\_token\_auth/concerns/set\_user\_by\_token.rb:35:in set_user_by_token' #437
duplicate method - resource_class #433
Unpermitted parameter errors #432
redirect_uri_mismatch after update from 0.1.34 to 0.1.37 #420
password_confirmation not actually required #419
Why should I use .to_json to get the right json object and not an array? #400
Errors after removing confirmable #397
Add JSON API (v1.0) compliant API option #396
NoMethodError in DeviseTokenAuth::SessionsController#create #394
Add better uid + provider unique support #392
Unable to Logout after sign up and/or sign in #391
Cohabitation with doorkeeper #389
React native signup/login using Facebook SDK #385
when does tokens field get cleared #372
Passing access_token after signup #366
'no implicit conversion of Hash into String (TypeError)' on Travis CI #365
discrepancy between registration events #364
Block isn't called in super do |resource| override. #363
Auth header is not being set in sign up when using confirmable with allowed unconfirmed access #361
Spontaneous log out from app (presumably because of batch requests) #359
github provider callback url (?auth_token) #354
Is it possible to authenticate_user! without failing the filter chain? #353
Support for Lockable and Timeoutable when using Devise and DeviseTokenAuth #346
Official support and documentation on how to use alongside Devise for APIs #345
permitted parameters not working as expected #344
Using devise and devise_token_auth side by side #343
Multiple Devise Models. One using token #342
ArgumentError in DeviseTokenAuth::ConfirmationsController#show #339
Issue with audited-activerecord #338
Ember Simple Auth #334
group authentication not redirecting #332
Getting `table_exists?' error when using devise_token_auth with Mongoid #325
Can't authorize (user_signed_in? always show false) #316
Devise Email Validation #314
Android native - Unpredictable 401 #313
How to skip confirmation on register but possibility to ask later #303
User with multiple providers gets invalid login credential except the latest provider he/she registered. #298
Conder making view helpers available in token_validations_controller #292
Using alongside "normal" rails app #290
Reset password error. #284
Configured verbatim, devise_token_auth receives this error google only #282
Facebook Auth isn't working for Google Chrome users that have Data Compression set to on #279
Used alongside standard Devise broke the Devise mail confirmation #265
How To Handle Guest Account #264
confirmable feature bugs? #263
helper methods don't work #258
reset password link is not getting to redirection #247
Should a 404 reset tokens? #244
Devise.secret_key was not set. Please add the following to your Devise initializer #235
Expected params don't match Devise itself #233
Namespaced Models #228
Can't verify CSRF token authenticity #227
Error on OmniauthCallbacksController#omniauth_success #222
undefined method `authenticate_user!' #219
The omniauth implementation on this gem use redirection. We need to get around these. #216
Which software did you use to create the workflow ? #215
AbstractController::ActionNotFound (The action 'new' could not be found for DeviseTokenAuth::RegistrationsController): #212
Oauth broken when attributes have a new line #211
No route matches [GET] "/omniauth/sign_in" #199
I have a rails backend rendered app (erb). Can I switch to devise token auth? #196
authentication via phone # #194
Cannot use this gem alongside Devise #192
Some headers without "access-token" (and friends) while testing with Rspec #188
AbstractController::ActionNotFound with Controller Override #185
Best way to set up migration for installation on existing User table already using Devise? #181
Architecture Q: Why did you not use Warden? #180
NoMethodError (undefined method `[]=' for nil:NilClass) #178
Sign_in / Sign_up via token_auth and via session #168
Facebook login - Redirect issue #166
expired confirmation & reset link #164
Storing token in Redis? #163
list with http response codes #157
Trouble accessing provider auth key and secret #153
Omniauth: New user or not ? #151
Forcing SSL for DeviseTokenAuth causes error 'new' could not be found #141
NoMethodError (undefined method `name' for nil:NilClass) - devise_controller.rb:22 #134
Sudo action / confirm your identity protocol #131
devise_token_auth for multiple client #122
Invalid Authenticity Token with last version #109
Routes not properly set #101
allow_unconfirmed_access_for #89
Usage with Grape #73
Allow updating of default attributes by default? #61

Merged pull requests:

Fixes include bug causing sign_in to require auth #1016 (karlingen)
Update CONTRIBUTING.md #1009 (stratigos)
Adding Danish locale #1006 (mikkeljuhl)
allow only one confirmation #1001 (MaicolBen)
Added capitalize to user_class in model file template #1000 (kiritAyya)
Match email regexp with devise #999 (MaicolBen)
Edit RegistrationsController#create to use ResourceFinder::provider #998 (m4-miranda)
993 - mirror auth header keys in build_auth_url query params #996 (ethagnawl)
Add link to wiki of how to add fields for an existing user table #985 (MaicolBen)
contemplate single table inheritance in DeviseTokenAuth::Concerns::SetUserByToken#set_user_by_token #984 (maxwells)
Upgrade test suite to use Rails 5 #981 (lynndylanhurley)
Conditionally set rails version on migration #979 (MaicolBen)
remove confirm_success_url entries from dummy migrations #978 (ethagnawl)
link to cached version of _How to Run a Single Rails Unit Test_ blog … #977 (ethagnawl)
Fix default provider after refactor in concern #975 (MaicolBen)
Adding in unlocks controller and specs. This should resolve #927. #971 (brycesenz)
Add a call to contribute to the top of the README. Ref #969. #970 (zachfeldman)
CONTRIBUTING: Add header, format sections #968 (olleolleolle)
Add note about Grape usage. Closes #73. #967 (zachfeldman)
Allow other provider than email when logins #964 (MaicolBen)
change devise method to reset password by token #957 (dks17)
Docs - add confirm_sucess_url to required params in email registration #956 (pnewsam)
Fix header name on account delete documentation #909 (mconiglio)
Document the confirm_success_url param for email registration #901 (nerfologist)
Fix header markdown typo #895 (f3ndot)
Support setting whitelist, without setting default redirect_url #894 (dkniffin)
Feature/customable authorized users only error response #869 (abeyuya)
Use rails validator instead of custom one #865 (MaicolBen)
Ability to use different default fields in model #849 (blddmnd)
GitHub Issues template, Contributing guidelines #847 (olleolleolle)
Better implementation to test if connection to db is active #843 (richardxia)
Improve documentation for testing. #840 (JonRowe)
Allow user specific token lifespans #704 (codez)
Always set header in batch mode #703 (codez)
Fix for issue #677 #678 (develop-test1)
Flag signin when user confirms email address. #410 (ghost)

Change Log

v0.1.43

Full Changelog

Implemented enhancements:

Rails generator to update views #33
Extract Omniauth attributes assignation into a method #31

Fixed bugs:

Generator doesn't work correctly with mongoid and/or rails-api #14
Generator issues #13

Closed issues:

Return a authentication token #1015
API is not using defined ApiController but rather ApplicationController #1014
TypeError (can't dump hash with default proc) #1012
Namespaces and overriding default mailer templates #1011
Cant login after signing in via oauth #1010
Omniauth with devise token auth #1007
Not returning headers on error #1002
Hardcoded resource.provider in RegistrationsController? #997
Confirmation URL query parameters don't match header counterparts #993
Gem clashing #991
Sign in, Sign out not working #982
access token always expires in one minute #980
How to customize Omniauth payload #974
How do Create user's roles. #963
Why does a confirm_success_url column appear in some of the test migrations? #959
Readme "Usage TL;DR" section - add confirm_success_url to required params? #955
ar #954
how to get first name and last name of user #953
Model for nested attributes not being saved #952
Can not have multiple model #950
NoMethodError when current_user is called #947
How to manually send the confirmation email (e.g. after User.create in Rails console)? #946
Make DeviseAuthToken inherits my API base Controller? #945
Missing auth headers in response to validate_token #944
tokens_match? issue #942
Not send email notification when email changed ? #940
Token generation fails when user has incomplete data that is mandatory #938
Is there a way to prevent persisting the same token to user table when in batch mode? #934
Token expires too soon #933
Seeing other users data on logout and login #932
token authentication not working on production #931
Getting 'uninitialized constant ActionDispatch::Routing::Mapper::Scope (NameError)' with rails 3 #930
How do I include User relationships to response after authenticate #928
Can't unlock account through email link in lockable #927
accidental issue #926
Can't verify CSRF token authenticity on PUT request only #924
Reset password url no host #923
In batch mode tokens are unnecessarily stored for every request although unchanged #922
current_user not available during authorization #921
Resend confirmation email #920
Change Authentication Keys #919
Devise Set User By Token Is Clashing with Normal Devise Helpers #917
XSS (javascript execution vulnerability) #916
Using the Generator Without Capitalizing Model Name #912
undefined method `authenticate_user!' when want to version my api #908
RuntimeError in DeviseTokenAuth::OmniauthCallbacksController#omniauth_success on google_oauth2 login #907
JSON API status? #906
Filter chain halted as :authenticate_user! rendered or redirected #905
Completed 422 Unprocessable Entity [Rails 5 API only, React with J-Toker] #904
API authentication. Method not allowed 405. Use POST /sign_in to sign in. GET is not supported. #900
validate_token Works but nothing else... #899
OAuth failure callback error with Google provider #898
Registration Name attribute is not stored #897
The action 'edit' could not be found for DeviseTokenAuth::RegistrationsController #896
Change provider when sessions controller #893
Overriding render_create_success does not obey serializer option (AMS) #890
How can i get access-token with omniauth on React Native app #889
Forgot Password flow with JSON responses #888
unknown attribute 'expiry' for User. #886
Email Regex causing Issue - not synced with Devise email RegEx #885
undefined method `[]=' for nil:NilClass due to missing client_id #881
Return parent with sign in data? #880
json-hyper-schema for devise_token_auth #879
Can´t retrieve access token in login response headers #877
devise_token_auth blocks upgrade to Rails 5.1.0 #875
validate_token works on local web server, but not remote? #873
how do I login a user after account signup? #866
getting random "Authorized users only." when uploading multiple files at once. #862
Caching causing an issue #861
How to authenticate user using username using this gem ? #859
Can only register one account. #858
Segmentation Fault is raising while trying to send emails. #857
No access-token in the header #855
How to Restrict Access to a Single Client? #854
NoMethodError (undefined method `new_session_path' for #<Devise::OmniauthCallbacksController:0x0000000630f628>) #853
Headers not present in all requests #851
Token based authentication with LDAP only #850
Insecure session created with reset password link #848
Swagger / Yard Docs #846
uninitialized constant SECRET_KEY_BASE #845
NoMethodError: undefined method `[]=' for nil:NilClass in unit test #839
No resource_class found #838
How to Custom Mailer ? #837
Password gets updated but current password is still invalid. #836
CookieOverflow on namespaced controllers #835
no registration routes when used with devise #834
Incompatibility with shoulda in email uniqueness #833
devise_token_auth: can't work with Rails subdomain. #831
No HTML for omniauth_external_window view in Rails 5 API #830
DeviseTokenAuth::TokenValidationsController#validate_token returns 401 unauthorized. #829
Console warning #828
omniauth-facebook authentication with an Angular 2 front end application. #827
uid is similar to email #825
Question: email confirmation token URI with Rails API #824
Use POST to sign in. GET is not supported. #823
Invalid login credentials. Please try again. #822
Devise redirecting Web request to the Token JSON API #821
Wrong model mapped for token_validation #820
readme code for controller override needs a slight change #819
Banning a user #817
Support for multiple providers during same session #815
Sometimes very frequently, sometimes very randomly - 401 Unauthorized. #813
The confirmation email is not send with the standard devise support #812
not supporting for angular1.6 #810
Securing headers on client side #809
Add has one/belongs to assotiation #807
redirect_url required but not permitted in strong parameters #805
Impersonate user #802
Can't use JBuilder templates when overriding rendering methods #801
I18n broken (e.g. :already_in_use) #799
Data leak on create password reset #797
Rails 5 API Mode Not Authorizing #796
very unstable gem full of bugs !! #795
CORS answers 404 always #794
Authorized Users Only on iOS client #792
user_signed_in? doesn't returning access_token after few continuous call to it !!! #791
302 found when I try to redirect to "/devise_token_auth/sessions#create" #790
Initializer default_password_reset_url not working. #789
Gem querying database twice for authenticating user #788
wrong constant name user #784
No authentication headers when using Single Table Inheritance on my User model #783
Can't migrate database after 'rails g devise_token_auth:install User auth' #781
Diferent tokens from devise and devise_token_auth some times get in conflict... #780
current_user returns nill #779
LinkedIn SignIn #778
Rails engine (api only) - undefined method `mount_devise_token_auth_for' for #<ActionDispatch::Routing::Mapper: #777
ActionController::RoutingError - undefined method `helper_method' #776
multiple congratulation emails #774
Set up a new API application controller not working? #773
Explicitly do not invalidate token #772
Prevent user from sharing account #770
I'am not able to serialize user #769
Could not find generator 'devise_token_auth:install' #768
Soft deletion #766
Minimum Limits on a token? #764
QUESTION: tokens field in database #763
Octopus throwing error when deleting expired tokens #761
Current user from channel. #760
devise_token_auth with LDAP? #759
Passing block to for strong parameters breaks code #758
Only one User model return the correct headers #757
API authentication: Use POST /sign_in to sign in. GET is not supported. #754
Integration help #753
undefined method `tokens' upon signing up #752
ArgumentError in Devise::RegistrationsController#new #750
OAuth (GitHub) redirects to callback url twice #749
resource name for scoped mounting #748
Signing in with Mongoid 6 + Rails 5 causes AuthenticationError #742
Rails 5 API deployed as microservices #741
Multiple user registration with multiple providers #740
Headers not sent on GET request #739
Best practice for using virtual attributes #738
E-mail update is enabled by default #736
Limit formats allowed to make requests #735
Query params left in url after facebook login cause authentication to fail on refresh #734
Error in password reset. Password not changed, even though edit returns 200 #732
Can't permit parameters in rails engine #731
Cannot integrate with omniauth-facebook #729
Using devise_async and sidekiq to send emails asynchronously #727
Two models, one not working #726
Separate Devise Token Auth configuration per model #725
No token on response header #721
Massive Cookie Size Leads to Errors #718
401 on sign_in #717
Unable to reconfirm a users email #716
API response bodies are empty when using active_model_serializers #715
Which is client and access_token #714
/sign_out route is returning 404 not found #713
Sign_in custom method: how? #711
define_helpers not called at rails launch #708
Why is tokens field a json type and how to create a query based on inside values? #707
Always Set Headers in Batch Mode #702
Use with existing User model #701
Deprecation Error Message on 5.0 #698
"Covert Redirect" Vulnerability #696
The inactive_message and active_for_authentication #695
No route matches [POST] "/api/v1/auth" #694
Got this error with ActiveAdmin "wrong number of arguments (1 for 0)" #692
Reset password link not working for the second time #691
How to properly set headers in order to use current_user, authenticate_user! etc methods? #690
using devise_token_auth for API alongside standard devise gem for HTML view #689
Sign Up Permitted Parameters gets Passed but Never saves succesfully to Database #688
Live Demo on heroku crashes #687
Ruby on rails devise_token_auth gem unable to find routes #686
No Headers after sign_in for new Users created by Admin #685
NoMethodError (undefined method `headers_names' for DeviseTokenAuth:Module) #684
Fast page refresh problem #683
undefined method `[]' for nil:NilClass during omniauth callback #682
IndexError: string not matched on User sign_in #681
client_id resets to default after session_controller#create #680
skip_confirmation_notification! not working #679
"Unpermitted parameter: session" issues when action_controller.action_on_unpermitted_parameters is :raise #676
Rails 5 + mongoid + devise_token_auth - undefined method `add_mongoid_support=' for DeviseTokenAuth:Module (NoMethodError) #675
rails g devise_token_auth:install User auth hangs and does nothing #671
0.1.36 to 0.1.37 Breaks Test Suite #670
Why NOT 'email_required?' is considered? #668
make a separate Apicontroller from Applicationcontroller #667
Devise Omniauth and DeviseTokenAuth Omniauth #666
Seperate view files for different models. #664
Bump version to support devise 4.1.1 #659
Password Reset Link doesn't work #658
[Question] Using in mobile apps (pass reset/libs for major OSes)? #657
confrimable registration token expire #655
callback :set_user_by_token has not been defined #649
Get extra from omniauth-facebook. #647
Ability to change email? #646
headers_names is not defined in 0.1.37 #645
Issues with active_model_serializers #644
Error with devise #643
Oauth2 - Android Authentication - one-time-code flow #639
make use of max_number_of_devices on sign_in #637
undefined method `token_validation_response' #635
when password is reset from UI, all tokens must be removed if remove_tokens_after_password_reset is true #634
is possible to use provider and uid columns on the authentications table? #633
Relax devise dependency to allow 4.1 #631
undefined method 'render' at devise_token_auth/controllers/helpers.rb #630
Override default routes #628
Rails 5 generator doesn't insert concern #627
NoMethodError (undefined method `find_by_uid') in production. #625
Why is password confirmation required ? #624
user_signed_in? VS user.signedIn ? #623
Retrieve from (local) cache first? #622
Update Gem (RubyGem) Not issue #621
Curl not working for sign_in but works on ng-token-angular #620
After Sign-in success, The following requests on Angular side are unauthorized. #619
Email uniqueness on both email and oauth provider #617
ArgumentError (wrong number of arguments (given 1, expected 0)) #616
Omniauth - Facebook app doesn't run callback url after successful Facebook authentication #615
:authenticate_user! wired behaviour #614
exclude devise validatable module? #613
current_user is nil, request headers are all upcased and prefixed with HTML_ #611
Devise omniauth_path_prefix overriden #610
Override devise token auth response #609
Problem in generated routes #607
Rails 5 API Mode - no headers in response #606
Previous authentication params remain in url after sign out when using OAuth #605
Filter chain halted as :authenticate_user! rendered or redirected #603
Problem with auth headers and multiple models #602
422 Unprocessable Entity when using local IP address #601
not working with latest version of active_model_serializers #600
Re-written URL with token does not work with Angular default routing #599
Rails 5 - Missing template devise_token_auth/registrations/create #598
overriding rendering methods in devise_token_auth #597
REST routes #595
Multiple providers per user #594
MongoDB #593
Problem with CORS setup and exposing special headers #591
Password reset allows user to bypass confirmable #590
redirect_url is missing in email instructions sent to the user for password reset #588
Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password_confirmation":"abcdefgh"} #587
empty request.env['omniauth.params'] causes exception #586
Getting Error: 'No connection pool for ActiveRecord::Base' when generating the devise_token_auth generator inside an Rails Engine #584
Preventing creation of users in an oauth scenario #583
can't authenticate user when opening a new download tab #582
Mails are not being sent #581
current_user seems to be nil after doing requests from different tabs #579
Do we have any rspec helpers to sign_in an user? #577
Cannot override json response of authenticate_user! #575
Extend token lifespan on use? #573
Unable to sign in using LinkedIn #572
Cannot use rake with mount_devise_token_auth_for in routes.rb #570
return custom json data after sign_in #567
Provide configuration for token hashing algorithm #560
Using devise_token_auth with devise for one method #559
omiauth-google #558
Use devise_token_auth with facebook iOS login SDK #556
omniauth-facebook login #555
ActionController::RoutingError (No route matches [POST] "/omniauth/steam/callback") #554
get Authorized users only when use devise with devise_token_auth #553
Models other than User not returning auth headers after each request #552
Cannot get ng-token-auth, devise-token-auth and Rails to work for facebook login #551
/auth/validate_token works but getting 401 unauthorized when sending request with auth headers #550
Where is the access key of omniauth provider? #549
Yielding Resource to Overriding Controller #548
Confirmation controller does not response with JSON #546
message['redirect-url'] in the reset password email is not set automatically. #545
Failed migration: how to handle existing user db #544
How this gem is different from a JWT system? #543
set a no reply email adresse #542
check if user confirmed is account #539
Improper formatting for JSON API error/success responses #536
support for multiple client_id #535
Cut some actions? #534
Getting issues with api authentication #529
Is it a hybrid authentication system? #527
check_current_password_before_update still requires password when resetting password #526
Error: unknown attribute 'current_password' for User when updating a password #524
Error Response as HTML #522
Manually authenticate for testing #521
Support for STI #517
render_create_success should return 201 code not 200? #516
RuntimeError (can't modify frozen Hash) #515
DEPRECATION WARNING: alias_method_chain is deprecated #514
JSON responses don't fit JSON_API requirements #512
Not working with rails 5 and devise master #504
Unpermitted parameters: confirm_success_url, config_name, registration #501
set_user_by_token not defined in production for rails 5 #500
Master branch no longer working with devise master branch (version error) #498
uid is not getting set in git revision 996b9cf23a18 #497
tokens not being serialized! #495
Sign in from controller #494
ve_model_serializer namespace #492
Unpermitted Parameters: confirm_success_url, config_name, registration #489
Bundler could not find compatible versions for gem "rails": #488
Does anyone try to link current omniauth account to devise-token-auth account? #487
User remains logged in when using devise and devise_token_auth in the same app #486
I want to use a different column for provider instead of defalut "email" #485
DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 #482
@resource.allow_password_change is not persisted across requests #481
validate_token - resource_name - undefined method `name' for nil:NilClass #480
Would like to know is there any missing for i18n translation file? #479
Unpermitted paramter: session (401 Unauthorized) for only one particluar user #477
Reading logged user in constraint #475
devise_token_auth is being called when it shouldn't #473
Unable to override sessions controller #471
Helpers being loaded for Rails API's #468
Unable to call rails g devise\_token\_auth:install within rails engine #465
Support Devise Strong Parameters by Block #464
locales errors.messages.already\_in\_use seems broken #463
How to make http header still available when return to oauth call back #461
skip: [:omniauth_callbacks] doesn't work in v0.1.37.beta3 #460
This gem change default omniauth path? #459
Rails 5 compatible? #458
Null email causes NoMethodError (undefined method `downcase!' for nil:NilClass) #457
Cannot send confirmation email when using alongside with standard devise #456
cancancan: load_and_authorize_resources causes method_missing failure #452
example app for api #451
is session store necessary? #449
HTTP Headers not being sent when using as an API from an Android Phone #448
Is it possible to pass token via json? #447
It shows "An error occurred" after omniauth callback #445
- #444
Put Access Token in body #442
Unable to add a new param for sign up #440
Undefined method provider from devise_toke_auth concerns/user.rb #438
NoMethodError (undefined method enable\_standard\_devise\_support' for DeviseTokenAuth:Module\): app/controllers/devise\_token\_auth/concerns/set\_user\_by\_token.rb:35:in set_user_by_token' #437
duplicate method - resource_class #433
Unpermitted parameter errors #432
Scoped DeviseToken but it still affects the original Omniauth redirects. #429
Can't create user via api #422
redirect_uri_mismatch after update from 0.1.34 to 0.1.37 #420
password_confirmation not actually required #419
Password Reset question, do I need my own form? #418
Large Size on Disk #415
The validate_token function in the readme is missing a parameter #413
Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module #406
change_headers_on_each_request and batch requests #403
Why should I use .to_json to get the right json object and not an array? #400
Multiple users, returning(and creating) wrong model's auth token #399
Can't verify CSRF token authenticity #398
Errors after removing confirmable #397
Add JSON API (v1.0) compliant API option #396
NoMethodError in DeviseTokenAuth::SessionsController#create #394
uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt #393
Add better uid + provider unique support #392
Unable to Logout after sign up and/or sign in #391
Cohabitation with doorkeeper #389
Sign in not success. #388
React native signup/login using Facebook SDK #385
password length #380
Devise token auth not found routing error #379
Defining a custom primary key #378
seeing other users data after login/out with different users on ionic #375
when does tokens field get cleared #372
omniauth: when redirecting, user object should not be serialized into url #368
getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser #367
Passing access_token after signup #366
'no implicit conversion of Hash into String (TypeError)' on Travis CI #365
discrepancy between registration events #364
Block isn't called in super do |resource| override. #363
omniauth callback redirect not working properly when using namespace/scope #362
Auth header is not being set in sign up when using confirmable with allowed unconfirmed access #361
Spontaneous log out from app (presumably because of batch requests) #359
invalid token in method set_user_by_token on RegistrationsController#update #357
github provider callback url (?auth_token) #354
Is it possible to authenticate_user! without failing the filter chain? #353
Allow devise patch version updates #351
Error validating token #348
Support for Lockable and Timeoutable when using Devise and DeviseTokenAuth #346
Official support and documentation on how to use alongside Devise for APIs #345
permitted parameters not working as expected #344
Using devise and devise_token_auth side by side #343
Multiple Devise Models. One using token #342
Restricting access to controllers methods #340
ArgumentError in DeviseTokenAuth::ConfirmationsController#show #339
Issue with audited-activerecord #338
Allow for HTTP Basic Auth ? #337
Allow Omniauth user reset password #335
Ember Simple Auth #334
NameError (uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt) #333
group authentication not redirecting #332
Unpermitted parameters: format, session #328
Concern causes app to connect to database when precompiling assets. #327
devise token auth + Save Facebook auth_hash info in database #326
Getting `table_exists?' error when using devise_token_auth with Mongoid #325
Error sending password reset email when not using confirmable (reopened #124) #321
Routing error / Preflight request / OPTIONS #320
delete tokens after password change #318
Can't authorize (user_signed_in? always show false) #316
Can't authorize (user_signed_in? always show false) #315
Devise Email Validation #314
Android native - Unpredictable 401 #313
Warden::SessionSerializer - wrong number of arguments (2 for 1) #312
The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController #309
Having 401 Unauthorized only with mobile #305
remove unused nickname, image from user object #304
How to skip confirmation on register but possibility to ask later #303
HI, This is more of a doubt since I could not finding anything related to this in your documentation. #300
Getting 401's when making requests using iOS/Android clients #299
User with multiple providers gets invalid login credential except the latest provider he/she registered. #298
undefined method `tokens' for #<Hash:0x000000063f0920> #297
Confirmation URL giving bad arguments #293
Conder making view helpers available in token_validations_controller #292
set_user_by_token not called in overriden controller #291
Using alongside "normal" rails app #290
Question: Should we send password reset instructions to unconfirmed emails? #287
NoMethodError (undefined method `[]' for nil:NilClass): #286
Facebook omniauth redirection is missing url when testing on localhost #285
Reset password error. #284
Configured verbatim, devise_token_auth receives this error google only #282
No route matches [GET] "/users/facebook/callback" #280
Facebook Auth isn't working for Google Chrome users that have Data Compression set to on #279
No route matches [GET] "/omniauth/:provider" #278
How to refresh token/expiry? #275
wrong number of arguments (1 for 0): in DeviseTokenAuth::RegistrationsController#create #274
Can not save a user with nil tokens attribute #271
Shouldn't validate_token param be access-token, not auth_token? #270
include associations on login #269
Used alongside standard Devise broke the Devise mail confirmation #265
How To Handle Guest Account #264
confirmable feature bugs? #263
Failure route not handled #262
Getting Unauthorized error even after sending the correct token, uid and client #261
Weird error message #259
helper methods don't work #258
undefined method `provider' for #<User:0x007f49fd5da2e8> #257
Custom Serializer like ActiveModel Serializer #249
reset password link is not getting to redirection #247
File download with query params #246
Info: is devise_token_auth compatible with rails 3.2.19? #245
Should a 404 reset tokens? #244
Headers required for different methods #243
Unpermitted parameters: format, session, lang #239
On sign_in, devise_token_auth expects the uid to be the same as the email #237
Name conflict with inherited_resources #236
Devise.secret_key was not set. Please add the following to your Devise initializer #235
sign_in will not fetch the token #234
Expected params don't match Devise itself #233
Remove ('#') symbol when using html5mode in locationProvider #232
Log in request 401 error #231
User Registration - "email address already in use" when it is unique #230
Devise email validation disabled...why? #229
Namespaced Models #228
Can't verify CSRF token authenticity #227
confirm_success_url error not working #226
pending_reconfirmation called when confirmable isn't used #224
Error on OmniauthCallbacksController#omniauth_success #222
omniauth_success.html.erb JSON bug #221
undefined method `authenticate_user!' #219
Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application #218
Where can I got token? #217
The omniauth implementation on this gem use redirection. We need to get around these. #216
Which software did you use to create the workflow ? #215
URI fragment prevent to send params in Confirmation URL #213
AbstractController::ActionNotFound (The action 'new' could not be found for DeviseTokenAuth::RegistrationsController): #212
Oauth broken when attributes have a new line #211
Generating many client tokens #210
Limit tokens hash? #208
500 error returned when no data is POSTed to registration controller #203
undefined method `match' for nil:NilClass #201
No route matches [GET] "/omniauth/sign_in" #199
DELETE method becoming OPTIONS @ Heroku #197
I have a rails backend rendered app (erb). Can I switch to devise token auth? #196
40 Mb log file and 1 minute to have token with curl #195
authentication via phone # #194
401 unauthorized #193
Cannot use this gem alongside Devise #192
GET requests to sign_in shouldn't raise an exception #190
Api not locked by default #189
Some headers without "access-token" (and friends) while testing with Rspec #188
Rails 4.1 #187
Unable to override OmniauthCallbacksController#redirect_callbacks #186
AbstractController::ActionNotFound with Controller Override #185
Devise and devise_token_auth omniauth callbacks #184
Token based authentication with no sessions #183
undefined method `authenticate_user!' #182
Best way to set up migration for installation on existing User table already using Devise? #181
Architecture Q: Why did you not use Warden? #180
NoMethodError (undefined method `[]=' for nil:NilClass) #178
confirm_success_url shouldn't be a required param #176
Provide an OAuth implementation for native apps #175
getting an argument error when trying to use omniauth #174
Sign in via username doesn't seem to work correctly. #173
Cannot use + sign in email address. #171
Sign_in / Sign_up via token_auth and via session #168
How can i authenticate using curl and get private entries ! #167
Facebook login - Redirect issue #166
Pessimistic Locking produces ArgumentError #165
expired confirmation & reset link #164
Storing token in Redis? #163
POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API #162
Sign out just on client side ? #161
Unpermitted parameter: redirect_url #160
Issues using devise and devise_token_auth #159
Add role based authorization #158
list with http response codes #157
Not compatible with ActiveAdmin #156
[Duplicate] is devise_invitable supported? #154
Trouble accessing provider auth key and secret #153
Omniauth: New user or not ? #151
User can register with a "false" email #149
/validate_token #148
Email confirmation link #147
Tokens field on database #146
Twitter OAuth always throughs CookieOverflow #145
Is there a way to configure apiUrl for both dev and prod? #144
Getting 401 unauthorized on login attempt #142
Forcing SSL for DeviseTokenAuth causes error 'new' could not be found #141
Comparing with jwt #140
Can't get omniauth to work (error in redirect_callbacks) #139
Change controller inheritance #138
Reset Password call returns 400 for Not Found user #137
The gem is too big. Please take care of it. #136
Error when loging with facebook the second time without logout #135
NoMethodError (undefined method `name' for nil:NilClass) - devise_controller.rb:22 #134
OmniAuth redirect doesn't work if using the generated mount_devise_token route #133
Missing template /omniauth_response #132
Sudo action / confirm your identity protocol #131
Unpermitted parameter: session #130
OAuth error: We're sorry, but something went wrong #129
Would it be useful to integrate login with username ? #127
Sign in with login instead of email #126
Error sending password reset email when not using confirmable #124
Using expired token for parallel calls #123
devise_token_auth for multiple client #122
OmniauthCallbacksController#omniauth_success wrong number of arguments (1 for 0) #119
Could not load 'omniauth' #118
bad argument (expected URI object or URI string) #116
devise_token_auth for public API, but devise for rest of app? #114
Omniauthable deleted on UsersConcern : Why ? #111
Unrequired route #110
Invalid Authenticity Token with last version #109
raises NoMethodError instead of displaying error when email is missing #108
Error with RailsAdmin. "The action 'new' could not be found for DeviseTokenAuth::SessionsController" #107
Circular dependency detected while autoloading constant Api #106
Can't Authenticate via cURL #105
Unpermitted parameters: user, registration #104
BCrypt::Errors::InvalidSalt errors #103
Active job token expiring integration #102
Routes not properly set #101
The action 'new' could not be found for DeviseTokenAuth::RegistrationsController #100
Disable confirmable #99
responders - rails 4.2 #98
forward skip to devise #97
API versioning the devise scope of token validation and ominiauth controller path will wrap up #96
Overwriting default "from" email address #94
uninitialized constant DeviseTokenAuth #92
change_headers_on_each_request not working expiry header empty #90
allow_unconfirmed_access_for #89
Gem render consistency #87
Sample Sessions Controller for logging in via Rails View. #86
Change authorization key: Use phone_number instead of email #84
Conflict with active_admin gem #83
NoMethodError in DeviseTokenAuth::OmniauthCallbacksController#redirect_callbacks #82
All the APIs are getting 'Authorized users only' #81
Is Devise option Rememberable required ? #80
Problem with skip_confirmation! #78
Cannot reset password if registered by omniauth #77
NoMethodError at /omniauth/facebook/callback - undefined method `[]' for nil:NilClass #76
Usage with Grape #73
Remove dependency on ActiveRecord #72
Skipping Registrations Controller Altogether #70
Problem in validate_token if the model is in a namespace #69
Cannot send confirmation email if there is no 'User' model #68
Better guidelines for contributors #65
admin namespace #63
Devise trackable module not working #62
Allow updating of default attributes by default? #61
Devise_token_auth without OmniAuth authentication #60
Reset Password error #59
Confirmable - unconfirmed email #58
Email Column Isn't Used for Database Authentication #56
Unique Key for Provider and UID Combination #55
User Info in separate table or removed #53
rename @user to @resource #48
Active_admin issue #47
Possible Logout Issue #46
Routes not appended to routes.rb #45
Return resource.errors.full_messages in addition to resource.errors #44
Devise and Devise_Token_Auth in api namespace #43
Trackable attributes are not being updated. #42
Avoid using respond_to in application controller #41
devise_token_auth assumes you want the :confirmable functionality #40
undefined method `match' for nil:NilClass #39
Expired token aren't removed when session expires #38
sign_up helper #37
self.tokens[client_id]['token'] != token #30
How is the uid generated for non-omniauth users? #29
Access to current_user variable? #28
Filter chain halted as :require_no_authentication #27
Allow additional parameters for registration #25
Cannot add more parameters at sign_up #22
Error on Registration #21
Error with authentication #20
Cascade of Issues with Omniauth(?) #18
Batch Requests Respond with Original Auth Token #17
Sign out with email provider error #16
sessions_controller.rb #12
Github login in example is broken #10
Facebook auth is broken #9
Generator is not working #8
Test ticket from Code Climate #6
Test ticket from Code Climate #5
extending the devise_token_auth user model #4
A few ideas #3
Google Oauth2 does not set cookies in production. #1

Merged pull requests:

Fixes include bug causing sign_in to require auth #1016 (karlingen)
Update CONTRIBUTING.md #1009 (stratigos)
Adding Danish locale #1006 (mikkeljuhl)
allow only one confirmation #1001 (MaicolBen)
Added capitalize to user_class in model file template #1000 (kiritAyya)
Match email regexp with devise #999 (MaicolBen)
Edit RegistrationsController#create to use ResourceFinder::provider #998 (m4-miranda)
993 - mirror auth header keys in build_auth_url query params #996 (ethagnawl)
Add link to wiki of how to add fields for an existing user table #985 (MaicolBen)
contemplate single table inheritance in DeviseTokenAuth::Concerns::SetUserByToken#set_user_by_token #984 (maxwells)
Upgrade test suite to use Rails 5 #981 (lynndylanhurley)
Conditionally set rails version on migration #979 (MaicolBen)
remove confirm_success_url entries from dummy migrations #978 (ethagnawl)
link to cached version of _How to Run a Single Rails Unit Test_ blog … #977 (ethagnawl)
Fix default provider after refactor in concern #975 (MaicolBen)
Adding in unlocks controller and specs. This should resolve #927. #971 (brycesenz)
Add a call to contribute to the top of the README. Ref #969. #970 (zachfeldman)
CONTRIBUTING: Add header, format sections #968 (olleolleolle)
Add note about Grape usage. Closes #73. #967 (zachfeldman)
Allow other provider than email when logins #964 (MaicolBen)
change devise method to reset password by token #957 (dks17)
Docs - add confirm_sucess_url to required params in email registration #956 (pnewsam)
Fix header name on account delete documentation #909 (mconiglio)
Document the confirm_success_url param for email registration #901 (nerfologist)
Fix header markdown typo #895 (f3ndot)
Support setting whitelist, without setting default redirect_url #894 (dkniffin)
Support for devise 4.3 that is now supporting rails 5.1 #891 (silviusimeria)
Translate message: Authorized users only through devise #883 (vincenzodev)
Updated generator test code to work with rails 5 #872 (jrhee17)
Feature/customable authorized users only error response #869 (abeyuya)
Use rails validator instead of custom one #865 (MaicolBen)
use URI::HTTPS to generate HTTPS redirects #864 (cgc)
Persist allow_password_change in the database #863 (MohamedBassem)
Rename find_by methods #860 (alex-lairan)
Support for Devise 4.2.1 #852 (ckho)
Ability to use different default fields in model #849 (blddmnd)
GitHub Issues template, Contributing guidelines #847 (olleolleolle)
Better implementation to test if connection to db is active #843 (richardxia)
Add Albanian locale #842 (fatosmorina)
Improve documentation for testing. #840 (JonRowe)
Update german translation. #816 (gobijan)
Prevent getting table info if not connected to db #814 (cbliard)
Add support for italian locale #811 (Chosko)
Fix privacy issue with password reset request #808 (biomancer)
Add missing parameter :redirect_url, fixes #805 #806 (Rush)
Fix language errors in German locale #800 (morgler)
Don't send extra data on request password reset #798 (Mrjaco12)
Travis: use the code_climate addon config #786 (olleolleolle)
Update link #782 (dijonkitchen)
Add index for confirmation_token #767 (dijonkitchen)
Fixes constructing redirect_route #765 (piotrkaczmarek)
Use standart ActiveRecord error message for email uniqueness validation #746 (mpugach)
Add Romanian locale. #743 (razvanmitre)
Ruby syntax: replace and/not with &&/! #733 (olleolleolle)
Update indexes on template #724 (dijonkitchen)
Add an extra line to the "contributing" list #720 (jahammo2)
Fix grammar #712 (dijonkitchen)
Added reference to Angular2-Token to README #710 (neroniaky)
feat(whitelist): add wildcard support for redirect_whitelist patterns #709 (booleanbetrayal)
Allow user specific token lifespans #704 (codez)
Always set header in batch mode #703 (codez)
Fix Migration Deprecation Warning #700 (juddey)
Apply redirect\_whitelist to OAuth redirect URI. #699 (lynndylanhurley)
add zh-CN.yml #697 (halfray)
update README.md #693 (nhattan)
Fix for issue #677 #678 (develop-test1)
Fix for issue #600 #674 (milep)
Use lockable devise option and unlock controller overwrite #669 (genaromadrid)
Fix setup config example in README #665 (guich-wo)
added bypass_sign_in for next version of Devise #663 (KendallPark)
fix method 'is_json_api' with active_model_serialier v 0.10.0 #651 (woodcrust)
Tokens count overmuch fixed #650 (JerryGreen)
updates config wrapper to conform with newer idiom #648 (bvandgrift)
Adding support for devise 4.1.1 #642 (iainmcg)
Updating Devise dependency to max 4.1.1 #641 (TGRGIT)
Fix yields from controller actions #638 (tiagojsag)
Fix generator to correctly inject content into the user model in rails 5 #636 (ethangk)
fix spelling in comment on token auth concern #632 (dandlezzz)
fixed devise deprecation warning for config.email_regexp #618 (lemuelbarango)
Revert "Update readme for headers names" #592 (ash1day)
Update readme for headers names #589 (ash1day)
Add info to README #585 (ghost)
Fix typo and remove trailing spaces #578 (ash1day)
allowing authenticating using headers as well as a post request #576 (ingolfured)
Whitespace: tabs removed #574 (olleolleolle)
Added dutch translations #571 (nschmoller)
now possible to change headers names in the config file #569 (ingolfured)
User concern: Ensure fallback is in place #564 (olleolleolle)
Return resource with top-level 'type' member. #562 (ruimiguelsantos)
Fix devise mapping #540 (merqlove)
Make all json responses to be json_api compliant #537 (djsegal)
Avoid sending auth headers if while processing used token is cleared #531 (virginia-rodriguez)
Add Japanese locale and fix typo #530 (metalunk)
Added omniauth post route #528 (v3rtx)
Extract model callbacks #525 (merqlove)
create token when no client_id token #523 (charlesdg)
Fix enable_standard_devise_support in initializer #518 (halilim)
Make render_create_success render valid json_api #513 (djsegal)
Prevent raise of exception if set_user_by_token not defined #511 (jeryRazakarison)
send_on_create_confirmation_instructions callback isn't defined (rails 5) #508 (fivetwentysix)
[REBASE] Fix rails 5 deprecation and devise parameter sanitization #507 (fivetwentysix)
remove deprecations from RegistrationsController #506 (fivetwentysix)
Allow new devise version for rails 5 compatibility #499 (djsegal)
Spelling mistake #493 (Tom-Tom)
Improve Brazilian Portuguese locale #491 (ssouza)
fix namespaced mapping name #484 (paulosoares86)
Locale file for both zh-TW and zh-HK #483 (SunnyTam)
Fixed typos and inconsistencies in ru.yml #478 (fertingoff)
Fixes Issue #362: Fixes for the omniauth redirection issue for namesp… #476 (devilankur18)
removing old tokens when user changes passwords #474 (paulosoares86)
Move travis to container based configuration #470 (ValentinTrinque)
Prevent helpers being loaded for Rails API’s #469 (djsegal)
Reduce dependencies to allow Rails 5.0 #467 (djsegal)
Fix locales errors.messages.already\_in\_use + clean up #466 (ValentinTrinque)
Added 401 response to failed group authentication #446 (rstrobl)
RU translations #441 (yivo)
to keep coherent with devise. pt instead of pt-PT.yml #436 (rmvenancio)
limiting the number of concurrent devices #434 (paulosoares86)
Raise error in controller method #430 (ArneZsng)
feat(enable-standard-devise): allow configurable support of legacy Devise authentication #428 (booleanbetrayal)
Support for i18n in mailers views #427 (ponyesteves)
Fix omniauthredirection when under scopes #425 (xjunior)
Translation to German #423 (haslinger)
fix(url): preserve query parameters when building urls #421 (nbrustein)
Change default message for already in use error and added to english … #417 (ponyesteves)
Issue #413 #414 (Carrigan)
Add .ruby-version entry to .gitignore #412 (xymbol)
404 for invalid link with password reset token #411 (rmvenancio)
Flag signin when user confirms email address. #410 (rmvenancio)
Portuguese Translation #409 (rmvenancio)
Added polish translation. #405 (h3xed)
Drop .ruby-version file #404 (xymbol)
Implement hook methods for customized json rendering #384 (neutronz)
Feature/password reset with check fix #374 (jakubrohleder)
fix(oauth): fixes #368: do not serialize the entire user object in the url when redirecting from oauth #371 (nbrustein)
Fallback to ActiveModel translations in EmailValidator #369 (yivo)
Add a Gitter chat badge to README.md #360 (gitter-badger)
Improvements to the docs. #358 (aarongray)
Add description to readme about the devise.rb initializer. #356 (aarongray)
Correct handling namespaced resources #355 (yivo)
Fix concern not being inserted for rails-api apps. #350 (aarongray)
Add documentation to explain gotcha with rails-api. #349 (aarongray)
Fully support OmniauthCallbacksController action overrides. Fixes #186. #347 (tbloncar)
#340 Restrict access to controllers methods #341 (gkopylov)
fix(omniauth): fix error in setting text on redirect page #336 (nbrustein)
add Brazilian Portuguese translation (pt-BR) #331 (josiasds)
Tests to ensure standard devise has greater priority than tokens #330 (colavitam)
Fixed error when using standard devise authentication #329 (colavitam)
feat(improved-omniauth): omniauth sameWindow and inAppBrowser flows #323 (nbrustein)
Fix invalid omniauth redirect #322 (troggy)
Old password check before password update #317 (jakubrohleder)
Remove erroneous colon from before_action callback #310 (jmliu)
Disabled serialization for JSON type columns #306 (colavitam)
Set default provider to "email" in migration #302 (colavitam)
Fix an issue for not :confirmable users #296 (sebfie)
Update README.md #295 (adisos)
Fix MOUNT_PATH 'Read More' link #294 (jmliu)
Don't send password reset instructions to unconfirmed email #288 (coryschires)
Feature/i18n support #283 (sebfie)
Update documentation for validate_token #277 (adamgall)
Added json support for tokens #276 (shicholas)
perf(token_is_current?): add simplistic cache to reduce overhead of redundant token checks during validation calls #272 (booleanbetrayal)
perf(update_auth_header): only lock the resource if we are rotating tokens #267 (booleanbetrayal)
fix(email-validation): Update in-use email validation message during registration to allow full_message use #255 (booleanbetrayal)
fix(session#new): fix unhandled 500 when logging in with valid user and bad password #254 (mathemagica)
feat(ominauth): support json-formatted values in omniauth callback. #252 (nbrustein)
fix(sessions controller): call reset_session on destroy #251 (nbrustein)
fix(resource_class): support optional mapping property from set_user_by_token #250 (booleanbetrayal)
Allow current_password to be supplied when updating profile. #240 (jasonswett)
fixes password reset when not using confirmable #225 (aesnyder)
Fix error when email missing from registration params #220 (iangreenleaf)
URI fragment should appear at the end of URL #214 (edymerchk)
Super block yield (all controllers) #209 (sgwilym)
Super block yield #207 (sgwilym)
Ability to localize error message #206 (lda)
remove fragment sign ("#") from URLs without fragment #205 (tomdov)
Return 422 (was 500) when empty body for sign up and account update #204 (mchavarriagam)
Users with allowed unconfirmed access can now log in successfully. #202 (colavitam)
Authenticating an existing Warden/Devise User #200 (nickL)
GET sign_in should direct people to use POST sign_in rather than raising exception #191 (milesmatthias)
Ignore 'extra' in Twitter auth response to avoid CookieOverflow. Fixes #145. #179 (tbloncar)
Some missing as_json ? #152 (nicolas-besnard)
Check email format on registration #150 (nicolas-besnard)
Actual header key uses dashes, not underscores. #143 (ragaskar)
Username register login #128 (nicolas-besnard)
Check if confirmable is active before skipping confirmation #125 (nicolas-besnard)
Fix links to section about controller integration. #117 (Le6ow5k1)
document GET for /validate_token #113 (lukaselmer)
Fix small error in documentation. #91 (edgarhenriquez)
Exclude devise modules #85 (jartek)
fix(registration and update): Ensure UID is updated alongside Email, and case-sensitivity is honored #71 (booleanbetrayal)
Add better guidelines for contributors. #67 (edgarhenriquez)
Use resource_class to override email confirmation. #64 (edgarhenriquez)
fix(case-sensitivity): support devise case_insensitive_keys for session ... #57 (booleanbetrayal)
fix(contention): fix write contention in update_auth_headers and always ... #52 (booleanbetrayal)
Include resource.errors.full_messages in error response. #50 (jasonswett)
fix(expiry): fix an issue where token expiration checks were too permissive #49 (booleanbetrayal)
Update README with Example Generator Command #35 (wwilkins)
Remove OmniAuth dependency #26 (hannahhoward)
Update README.md #24 (davidsavoya)
guard against MissingAttributeError during common ActiveRecord operations #19 (booleanbetrayal)
Fix expiry data type #11 (lonre)
README and travis config tweaks #7 (guilhermesimoes)

Change Log

v0.1.42 (2017-05-17)

Full Changelog

Closed issues:

devise_token_auth blocks upgrade to Rails 5.1.0 #875

Merged pull requests:

Support for devise 4.3 that is now supporting rails 5.1 #891 (silviusimeria)

Change Log

v0.1.41

Full Changelog

Implemented enhancements:

Rails generator to update views #33
Extract Omniauth attributes assignation into a method #31

Fixed bugs:

Generator doesn't work correctly with mongoid and/or rails-api #14
Generator issues #13

Closed issues:

Can´t retrieve access token in login response headers #877
how do I login a user after account signup? #866
Can only register one account. #858
No access-token in the header #855
Headers not present in all requests #851
uninitialized constant SECRET_KEY_BASE #845
devise_token_auth: can't work with Rails subdomain. #831
Question: email confirmation token URI with Rails API #824
readme code for controller override needs a slight change #819
Support for multiple providers during same session #815
not supporting for angular1.6 #810
Add has one/belongs to assotiation #807
redirect_url required but not permitted in strong parameters #805
Data leak on create password reset #797
Rails 5 API Mode Not Authorizing #796
wrong constant name user #784
current_user returns nill #779
ActionController::RoutingError - undefined method `helper_method' #776
Minimum Limits on a token? #764
Octopus throwing error when deleting expired tokens #761
Only one User model return the correct headers #757
ArgumentError in Devise::RegistrationsController#new #750
OAuth (GitHub) redirects to callback url twice #749
Rails 5 API deployed as microservices #741
Query params left in url after facebook login cause authentication to fail on refresh #734
Can't permit parameters in rails engine #731
Cannot integrate with omniauth-facebook #729
Two models, one not working #726
API response bodies are empty when using active_model_serializers #715
/sign_out route is returning 404 not found #713
Why is tokens field a json type and how to create a query based on inside values? #707
Deprecation Error Message on 5.0 #698
"Covert Redirect" Vulnerability #696
No route matches [POST] "/api/v1/auth" #694
Got this error with ActiveAdmin "wrong number of arguments (1 for 0)" #692
using devise_token_auth for API alongside standard devise gem for HTML view #689
No Headers after sign_in for new Users created by Admin #685
NoMethodError (undefined method `headers_names' for DeviseTokenAuth:Module) #684
Fast page refresh problem #683
IndexError: string not matched on User sign_in #681
skip_confirmation_notification! not working #679
rails g devise_token_auth:install User auth hangs and does nothing #671
Bump version to support devise 4.1.1 #659
callback :set_user_by_token has not been defined #649
Issues with active_model_serializers #644
Error with devise #643
undefined method `token_validation_response' #635
when password is reset from UI, all tokens must be removed if remove_tokens_after_password_reset is true #634
Relax devise dependency to allow 4.1 #631
Rails 5 generator doesn't insert concern #627
NoMethodError (undefined method `find_by_uid') in production. #625
Why is password confirmation required ? #624
Curl not working for sign_in but works on ng-token-angular #620
After Sign-in success, The following requests on Angular side are unauthorized. #619
Omniauth - Facebook app doesn't run callback url after successful Facebook authentication #615
:authenticate_user! wired behaviour #614
current_user is nil, request headers are all upcased and prefixed with HTML_ #611
Problem in generated routes #607
Rails 5 API Mode - no headers in response #606
Filter chain halted as :authenticate_user! rendered or redirected #603
422 Unprocessable Entity when using local IP address #601
not working with latest version of active_model_serializers #600
overriding rendering methods in devise_token_auth #597
redirect_url is missing in email instructions sent to the user for password reset #588
Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password_confirmation":"abcdefgh"} #587
can't authenticate user when opening a new download tab #582
Mails are not being sent #581
current_user seems to be nil after doing requests from different tabs #579
Do we have any rspec helpers to sign_in an user? #577
Cannot override json response of authenticate_user! #575
return custom json data after sign_in #567
/auth/validate_token works but getting 401 unauthorized when sending request with auth headers #550
Where is the access key of omniauth provider? #549
How this gem is different from a JWT system? #543
Improper formatting for JSON API error/success responses #536
Is it a hybrid authentication system? #527
check_current_password_before_update still requires password when resetting password #526
Manually authenticate for testing #521
Support for STI #517
DEPRECATION WARNING: alias_method_chain is deprecated #514
JSON responses don't fit JSON_API requirements #512
Not working with rails 5 and devise master #504
Unpermitted parameters: confirm_success_url, config_name, registration #501
set_user_by_token not defined in production for rails 5 #500
Master branch no longer working with devise master branch (version error) #498
uid is not getting set in git revision 996b9cf23a18 #497
ve_model_serializer namespace #492
User remains logged in when using devise and devise_token_auth in the same app #486
DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 #482
validate_token - resource_name - undefined method `name' for nil:NilClass #480
Helpers being loaded for Rails API's #468
Unable to call rails g devise\_token\_auth:install within rails engine #465
locales errors.messages.already\_in\_use seems broken #463
It shows "An error occurred" after omniauth callback #445
- #444
Put Access Token in body #442
Unable to add a new param for sign up #440
Undefined method provider from devise_toke_auth concerns/user.rb #438
Scoped DeviseToken but it still affects the original Omniauth redirects. #429
Can't create user via api #422
Password Reset question, do I need my own form? #418
Large Size on Disk #415
The validate_token function in the readme is missing a parameter #413
Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module #406
change_headers_on_each_request and batch requests #403
Multiple users, returning(and creating) wrong model's auth token #399
Can't verify CSRF token authenticity #398
uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt #393
Sign in not success. #388
password length #380
Devise token auth not found routing error #379
Defining a custom primary key #378
seeing other users data after login/out with different users on ionic #375
omniauth: when redirecting, user object should not be serialized into url #368
getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser #367
omniauth callback redirect not working properly when using namespace/scope #362
invalid token in method set_user_by_token on RegistrationsController#update #357
Allow devise patch version updates #351
Error validating token #348
Restricting access to controllers methods #340
Allow for HTTP Basic Auth ? #337
Allow Omniauth user reset password #335
NameError (uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt) #333
Unpermitted parameters: format, session #328
Concern causes app to connect to database when precompiling assets. #327
devise token auth + Save Facebook auth_hash info in database #326
Error sending password reset email when not using confirmable (reopened #124) #321
Routing error / Preflight request / OPTIONS #320
delete tokens after password change #318
Can't authorize (user_signed_in? always show false) #315
Warden::SessionSerializer - wrong number of arguments (2 for 1) #312
The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController #309
Having 401 Unauthorized only with mobile #305
remove unused nickname, image from user object #304
HI, This is more of a doubt since I could not finding anything related to this in your documentation. #300
Getting 401's when making requests using iOS/Android clients #299
undefined method `tokens' for #<Hash:0x000000063f0920> #297
Confirmation URL giving bad arguments #293
set_user_by_token not called in overriden controller #291
Question: Should we send password reset instructions to unconfirmed emails? #287
NoMethodError (undefined method `[]' for nil:NilClass): #286
Facebook omniauth redirection is missing url when testing on localhost #285
No route matches [GET] "/users/facebook/callback" #280
No route matches [GET] "/omniauth/:provider" #278
How to refresh token/expiry? #275
wrong number of arguments (1 for 0): in DeviseTokenAuth::RegistrationsController#create #274
Can not save a user with nil tokens attribute #271
Shouldn't validate_token param be access-token, not auth_token? #270
include associations on login #269
Failure route not handled #262
Getting Unauthorized error even after sending the correct token, uid and client #261
Weird error message #259
undefined method `provider' for #<User:0x007f49fd5da2e8> #257
Custom Serializer like ActiveModel Serializer #249
File download with query params #246
Info: is devise_token_auth compatible with rails 3.2.19? #245
Headers required for different methods #243
Unpermitted parameters: format, session, lang #239
On sign_in, devise_token_auth expects the uid to be the same as the email #237
Name conflict with inherited_resources #236
sign_in will not fetch the token #234
Remove ('#') symbol when using html5mode in locationProvider #232
Log in request 401 error #231
User Registration - "email address already in use" when it is unique #230
Devise email validation disabled...why? #229
confirm_success_url error not working #226
pending_reconfirmation called when confirmable isn't used #224
omniauth_success.html.erb JSON bug #221
Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application #218
Where can I got token? #217
URI fragment prevent to send params in Confirmation URL #213
Generating many client tokens #210
Limit tokens hash? #208
500 error returned when no data is POSTed to registration controller #203
undefined method `match' for nil:NilClass #201
DELETE method becoming OPTIONS @ Heroku #197
40 Mb log file and 1 minute to have token with curl #195
401 unauthorized #193
GET requests to sign_in shouldn't raise an exception #190
Api not locked by default #189
Rails 4.1 #187
Unable to override OmniauthCallbacksController#redirect_callbacks #186
Devise and devise_token_auth omniauth callbacks #184
Token based authentication with no sessions #183
undefined method `authenticate_user!' #182
confirm_success_url shouldn't be a required param #176
Provide an OAuth implementation for native apps #175
getting an argument error when trying to use omniauth #174
Sign in via username doesn't seem to work correctly. #173
Cannot use + sign in email address. #171
How can i authenticate using curl and get private entries ! #167
Pessimistic Locking produces ArgumentError #165
POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API #162
Sign out just on client side ? #161
Unpermitted parameter: redirect_url #160
Issues using devise and devise_token_auth #159
Add role based authorization #158
Not compatible with ActiveAdmin #156
[Duplicate] is devise_invitable supported? #154
User can register with a "false" email #149
/validate_token #148
Email confirmation link #147
Tokens field on database #146
Twitter OAuth always throughs CookieOverflow #145
Is there a way to configure apiUrl for both dev and prod? #144
Getting 401 unauthorized on login attempt #142
Comparing with jwt #140
Can't get omniauth to work (error in redirect_callbacks) #139
Change controller inheritance #138
Reset Password call returns 400 for Not Found user #137
The gem is too big. Please take care of it. #136
Error when loging with facebook the second time without logout #135
OmniAuth redirect doesn't work if using the generated mount_devise_token route #133
Missing template /omniauth_response #132
Unpermitted parameter: session #130
OAuth error: We're sorry, but something went wrong #129
Would it be useful to integrate login with username ? #127
Sign in with login instead of email #126
Error sending password reset email when not using confirmable #124
Using expired token for parallel calls #123
User tokens don't properly deserialize #121
OmniauthCallbacksController#omniauth_success wrong number of arguments (1 for 0) #119
Could not load 'omniauth' #118
bad argument (expected URI object or URI string) #116
devise_token_auth for public API, but devise for rest of app? #114
Omniauthable deleted on UsersConcern : Why ? #111
Unrequired route #110
raises NoMethodError instead of displaying error when email is missing #108
Error with RailsAdmin. "The action 'new' could not be found for DeviseTokenAuth::SessionsController" #107
Circular dependency detected while autoloading constant Api #106
Can't Authenticate via cURL #105
Unpermitted parameters: user, registration #104
BCrypt::Errors::InvalidSalt errors #103
Active job token expiring integration #102
The action 'new' could not be found for DeviseTokenAuth::RegistrationsController #100
Disable confirmable #99
responders - rails 4.2 #98
forward skip to devise #97
API versioning the devise scope of token validation and ominiauth controller path will wrap up #96
Overwriting default "from" email address #94
uninitialized constant DeviseTokenAuth #92
change_headers_on_each_request not working expiry header empty #90
Gem render consistency #87
Sample Sessions Controller for logging in via Rails View. #86
Change authorization key: Use phone_number instead of email #84
Conflict with active_admin gem #83
NoMethodError in DeviseTokenAuth::OmniauthCallbacksController#redirect_callbacks #82
All the APIs are getting 'Authorized users only' #81
Is Devise option Rememberable required ? #80
Problem with skip_confirmation! #78
Cannot reset password if registered by omniauth #77
NoMethodError at /omniauth/facebook/callback - undefined method `[]' for nil:NilClass #76
Remove dependency on ActiveRecord #72
Skipping Registrations Controller Altogether #70
Problem in validate_token if the model is in a namespace #69
Cannot send confirmation email if there is no 'User' model #68
Better guidelines for contributors #65
admin namespace #63
Devise trackable module not working #62
Devise_token_auth without OmniAuth authentication #60
Reset Password error #59
Confirmable - unconfirmed email #58
Email Column Isn't Used for Database Authentication #56
Unique Key for Provider and UID Combination #55
User Info in separate table or removed #53
rename @user to @resource #48
Active_admin issue #47
Possible Logout Issue #46
Routes not appended to routes.rb #45
Return resource.errors.full_messages in addition to resource.errors #44
Devise and Devise_Token_Auth in api namespace #43
Trackable attributes are not being updated. #42
Avoid using respond_to in application controller #41
devise_token_auth assumes you want the :confirmable functionality #40
undefined method `match' for nil:NilClass #39
Expired token aren't removed when session expires #38
sign_up helper #37
self.tokens[client_id]['token'] != token #30
How is the uid generated for non-omniauth users? #29
Access to current_user variable? #28
Filter chain halted as :require_no_authentication #27
Allow additional parameters for registration #25
Cannot add more parameters at sign_up #22
Error on Registration #21
Error with authentication #20
Cascade of Issues with Omniauth(?) #18
Batch Requests Respond with Original Auth Token #17
Sign out with email provider error #16
sessions_controller.rb #12
Github login in example is broken #10
Facebook auth is broken #9
Generator is not working #8
Test ticket from Code Climate #6
Test ticket from Code Climate #5
extending the devise_token_auth user model #4
A few ideas #3
Google Oauth2 does not set cookies in production. #1

Merged pull requests:

Translate message: Authorized users only through devise #883 (vincenzodev)
Updated generator test code to work with rails 5 #872 (jrhee17)
use URI::HTTPS to generate HTTPS redirects #864 (cgc)
Rename find_by methods #860 (alex-lairan)
Support for Devise 4.2.1 #852 (ckho)
Add Albanian locale #842 (fatosmorina)
Update german translation. #816 (gobijan)
Prevent getting table info if not connected to db #814 (cbliard)
Add support for italian locale #811 (Chosko)
Fix privacy issue with password reset request #808 (biomancer)
Add missing parameter :redirect_url, fixes #805 #806 (Rush)
Fix language errors in German locale #800 (morgler)
Don't send extra data on request password reset #798 (Mrjaco12)
Travis: use the code_climate addon config #786 (olleolleolle)
Update link #782 (dijonkitchen)
Add index for confirmation_token #767 (dijonkitchen)
Fixes constructing redirect_route #765 (piotrkaczmarek)
Use standart ActiveRecord error message for email uniqueness validation #746 (mpugach)
Add Romanian locale. #743 (razvanmitre)
Ruby syntax: replace and/not with &&/! #733 (olleolleolle)
Update indexes on template #724 (dijonkitchen)
Add an extra line to the "contributing" list #720 (jahammo2)
Fix grammar #712 (dijonkitchen)
Added reference to Angular2-Token to README #710 (neroniaky)
feat(whitelist): add wildcard support for redirect_whitelist patterns #709 (booleanbetrayal)
Fix Migration Deprecation Warning #700 (juddey)
Apply redirect\_whitelist to OAuth redirect URI. #699 (lynndylanhurley)
add zh-CN.yml #697 (halfray)
update README.md #693 (nhattan)
Fix for issue #600 #674 (milep)
Use lockable devise option and unlock controller overwrite #669 (genaromadrid)
Fix setup config example in README #665 (guich-wo)
added bypass_sign_in for next version of Devise #663 (KendallPark)
fix method 'is_json_api' with active_model_serialier v 0.10.0 #651 (woodcrust)
Tokens count overmuch fixed #650 (JerryGreen)
updates config wrapper to conform with newer idiom #648 (bvandgrift)
Adding support for devise 4.1.1 #642 (iainmcg)
Updating Devise dependency to max 4.1.1 #641 (TGRGIT)
Fix yields from controller actions #638 (tiagojsag)
Fix generator to correctly inject content into the user model in rails 5 #636 (ethangk)
fix spelling in comment on token auth concern #632 (dandlezzz)
fixed devise deprecation warning for config.email_regexp #618 (lemuelbarango)
Revert "Update readme for headers names" #592 (ash1day)
Update readme for headers names #589 (ash1day)
Add info to README #585 (ghost)
Fix typo and remove trailing spaces #578 (ash1day)
allowing authenticating using headers as well as a post request #576 (ingolfured)
Whitespace: tabs removed #574 (olleolleolle)
Added dutch translations #571 (nschmoller)
now possible to change headers names in the config file #569 (ingolfured)
User concern: Ensure fallback is in place #564 (olleolleolle)
Return resource with top-level 'type' member. #562 (ruimiguelsantos)
Fix devise mapping #540 (merqlove)
Make all json responses to be json_api compliant #537 (djsegal)
Avoid sending auth headers if while processing used token is cleared #531 (virginia-rodriguez)
Add Japanese locale and fix typo #530 (metalunk)
Added omniauth post route #528 (v3rtx)
Extract model callbacks #525 (merqlove)
create token when no client_id token #523 (charlesdg)
Fix enable_standard_devise_support in initializer #518 (halilim)
Make render_create_success render valid json_api #513 (djsegal)
Prevent raise of exception if set_user_by_token not defined #511 (jeryRazakarison)
send_on_create_confirmation_instructions callback isn't defined (rails 5) #508 (fivetwentysix)
[REBASE] Fix rails 5 deprecation and devise parameter sanitization #507 (fivetwentysix)
remove deprecations from RegistrationsController #506 (fivetwentysix)
Allow new devise version for rails 5 compatibility #499 (djsegal)
Spelling mistake #493 (Tom-Tom)
Improve Brazilian Portuguese locale #491 (ssouza)
fix namespaced mapping name #484 (paulosoares86)
Locale file for both zh-TW and zh-HK #483 (SunnyTam)
Fixed typos and inconsistencies in ru.yml #478 (fertingoff)
Fixes Issue #362: Fixes for the omniauth redirection issue for namesp… #476 (devilankur18)
removing old tokens when user changes passwords #474 (paulosoares86)
Move travis to container based configuration #470 (ValentinTrinque)
Prevent helpers being loaded for Rails API’s #469 (djsegal)
Reduce dependencies to allow Rails 5.0 #467 (djsegal)
Fix locales errors.messages.already\_in\_use + clean up #466 (ValentinTrinque)
Added 401 response to failed group authentication #446 (rstrobl)
RU translations #441 (yivo)
to keep coherent with devise. pt instead of pt-PT.yml #436 (rmvenancio)
limiting the number of concurrent devices #434 (paulosoares86)
Raise error in controller method #430 (ArneZsng)
feat(enable-standard-devise): allow configurable support of legacy Devise authentication #428 (booleanbetrayal)
Support for i18n in mailers views #427 (ponyesteves)
Fix omniauthredirection when under scopes #425 (xjunior)
Translation to German #423 (haslinger)
fix(url): preserve query parameters when building urls #421 (nbrustein)
Change default message for already in use error and added to english … #417 (ponyesteves)
Issue #413 #414 (Carrigan)
Add .ruby-version entry to .gitignore #412 (xymbol)
404 for invalid link with password reset token #411 (rmvenancio)
Portuguese Translation #409 (rmvenancio)
Added polish translation. #405 (h3xed)
Drop .ruby-version file #404 (xymbol)
Implement hook methods for customized json rendering #384 (neutronz)
Feature/password reset with check fix #374 (jakubrohleder)
fix(oauth): fixes #368: do not serialize the entire user object in the url when redirecting from oauth #371 (nbrustein)
Fallback to ActiveModel translations in EmailValidator #369 (yivo)
Add a Gitter chat badge to README.md #360 (gitter-badger)
Improvements to the docs. #358 (aarongray)
Add description to readme about the devise.rb initializer. #356 (aarongray)
Correct handling namespaced resources #355 (yivo)
Fix concern not being inserted for rails-api apps. #350 (aarongray)
Add documentation to explain gotcha with rails-api. #349 (aarongray)
Fully support OmniauthCallbacksController action overrides. Fixes #186. #347 (tbloncar)
#340 Restrict access to controllers methods #341 (gkopylov)
fix(omniauth): fix error in setting text on redirect page #336 (nbrustein)
add Brazilian Portuguese translation (pt-BR) #331 (josiasds)
Tests to ensure standard devise has greater priority than tokens #330 (colavitam)
Fixed error when using standard devise authentication #329 (colavitam)
feat(improved-omniauth): omniauth sameWindow and inAppBrowser flows #323 (nbrustein)
Fix invalid omniauth redirect #322 (troggy)
Old password check before password update #317 (jakubrohleder)
Remove erroneous colon from before_action callback #310 (jmliu)
Disabled serialization for JSON type columns #306 (colavitam)
Set default provider to "email" in migration #302 (colavitam)
Fix an issue for not :confirmable users #296 (sebfie)
Update README.md #295 (adisos)
Fix MOUNT_PATH 'Read More' link #294 (jmliu)
Don't send password reset instructions to unconfirmed email #288 (coryschires)
Feature/i18n support #283 (sebfie)
Update documentation for validate_token #277 (adamgall)
Added json support for tokens #276 (shicholas)
perf(token_is_current?): add simplistic cache to reduce overhead of redundant token checks during validation calls #272 (booleanbetrayal)
perf(update_auth_header): only lock the resource if we are rotating tokens #267 (booleanbetrayal)
fix(email-validation): Update in-use email validation message during registration to allow full_message use #255 (booleanbetrayal)
fix(session#new): fix unhandled 500 when logging in with valid user and bad password #254 (mathemagica)
feat(ominauth): support json-formatted values in omniauth callback. #252 (nbrustein)
fix(sessions controller): call reset_session on destroy #251 (nbrustein)
fix(resource_class): support optional mapping property from set_user_by_token #250 (booleanbetrayal)
Allow current_password to be supplied when updating profile. #240 (jasonswett)
fixes password reset when not using confirmable #225 (aesnyder)
Fix error when email missing from registration params #220 (iangreenleaf)
URI fragment should appear at the end of URL #214 (edymerchk)
Super block yield (all controllers) #209 (sgwilym)
Super block yield #207 (sgwilym)
Ability to localize error message #206 (lda)
remove fragment sign ("#") from URLs without fragment #205 (tomdov)
Return 422 (was 500) when empty body for sign up and account update #204 (mchavarriagam)
Users with allowed unconfirmed access can now log in successfully. #202 (colavitam)
Authenticating an existing Warden/Devise User #200 (nickL)
GET sign_in should direct people to use POST sign_in rather than raising exception #191 (milesmatthias)
Ignore 'extra' in Twitter auth response to avoid CookieOverflow. Fixes #145. #179 (tbloncar)
Some missing as_json ? #152 (nicolas-besnard)
Check email format on registration #150 (nicolas-besnard)
Actual header key uses dashes, not underscores. #143 (ragaskar)
Username register login #128 (nicolas-besnard)
Check if confirmable is active before skipping confirmation #125 (nicolas-besnard)
Fix links to section about controller integration. #117 (Le6ow5k1)
document GET for /validate_token #113 (lukaselmer)
Fix small error in documentation. #91 (edgarhenriquez)
Exclude devise modules #85 (jartek)
fix(registration and update): Ensure UID is updated alongside Email, and case-sensitivity is honored #71 (booleanbetrayal)
Add better guidelines for contributors. #67 (edgarhenriquez)
Use resource_class to override email confirmation. #64 (edgarhenriquez)
fix(case-sensitivity): support devise case_insensitive_keys for session ... #57 (booleanbetrayal)
fix(contention): fix write contention in update_auth_headers and always ... #52 (booleanbetrayal)
Include resource.errors.full_messages in error response. #50 (jasonswett)
fix(expiry): fix an issue where token expiration checks were too permissive #49 (booleanbetrayal)
Update README with Example Generator Command #35 (wwilkins)
Remove OmniAuth dependency #26 (hannahhoward)
Update README.md #24 (davidsavoya)
guard against MissingAttributeError during common ActiveRecord operations #19 (booleanbetrayal)
Fix expiry data type #11 (lonre)
README and travis config tweaks #7 (guilhermesimoes)

Change Log

v0.1.40 (2017-01-20)

Full Changelog

Closed issues:

Support for multiple providers during same session #815
not supporting for angular1.6 #810
Add has one/belongs to assotiation #807
redirect_url required but not permitted in strong parameters #805
Rails 5 API Mode Not Authorizing #796
wrong constant name user #784
current_user returns nill #779
ActionController::RoutingError - undefined method `helper_method' #776
Minimum Limits on a token? #764
Octopus throwing error when deleting expired tokens #761
Only one User model return the correct headers #757
ArgumentError in Devise::RegistrationsController#new #750
Rails 5 API deployed as microservices #741
Query params left in url after facebook login cause authentication to fail on refresh #734
Can't permit parameters in rails engine #731
Cannot integrate with omniauth-facebook #729
Two models, one not working #726
API response bodies are empty when using active_model_serializers #715
/sign_out route is returning 404 not found #713
Why is tokens field a json type and how to create a query based on inside values? #707
Deprecation Error Message on 5.0 #698

Merged pull requests:

Update german translation. #816 (gobijan)
Add support for italian locale #811 (Chosko)
Fix privacy issue with password reset request #808 (biomancer)
Add missing parameter :redirect_url, fixes #805 #806 (Rush)
Fix language errors in German locale #800 (morgler)
Don't send extra data on request password reset #798 (Mrjaco12)
Travis: use the code_climate addon config #786 (olleolleolle)
Update link #782 (dijonkitchen)
Add index for confirmation_token #767 (dijonkitchen)
Fixes constructing redirect_route #765 (piotrkaczmarek)
Use standart ActiveRecord error message for email uniqueness validation #746 (mpugach)
Add Romanian locale. #743 (razvanmitre)
Update indexes on template #724 (dijonkitchen)
Add an extra line to the "contributing" list #720 (jahammo2)
Fix grammar #712 (dijonkitchen)
Added reference to Angular2-Token to README #710 (neroniaky)
feat(whitelist): add wildcard support for redirect_whitelist patterns #709 (booleanbetrayal)

Change Log

v0.1.39 (2016-08-16)

Full Changelog

Closed issues:

"Covert Redirect" Vulnerability #696
No route matches [POST] "/api/v1/auth" #694
Got this error with ActiveAdmin "wrong number of arguments (1 for 0)" #692
using devise_token_auth for API alongside standard devise gem for HTML view #689
No Headers after sign_in for new Users created by Admin #685
NoMethodError (undefined method `headers_names' for DeviseTokenAuth:Module) #684
Fast page refresh problem #683
IndexError: string not matched on User sign_in #681
skip_confirmation_notification! not working #679
Bump version to support devise 4.1.1 #659
not working with latest version of active_model_serializers #600

Merged pull requests:

Fix Migration Deprecation Warning #700 (juddey)
Apply redirect\_whitelist to OAuth redirect URI. #699 (lynndylanhurley)
add zh-CN.yml #697 (halfray)
update README.md #693 (nhattan)

0.1.38

Full Changelog

Implemented enhancements:

Rails generator to update views #33
Extract Omniauth attributes assignation into a method #31

Fixed bugs:

Generator doesn't work correctly with mongoid and/or rails-api #14
Generator issues #13

Closed issues:

rails g devise_token_auth:install User auth hangs and does nothing #671
callback :set_user_by_token has not been defined #649
Issues with active_model_serializers #644
Error with devise #643
undefined method `token_validation_response' #635
when password is reset from UI, all tokens must be removed if remove_tokens_after_password_reset is true #634
Relax devise dependency to allow 4.1 #631
Rails 5 generator doesn't insert concern #627
NoMethodError (undefined method `find_by_uid') in production. #625
Curl not working for sign_in but works on ng-token-angular #620
After Sign-in success, The following requests on Angular side are unauthorized. #619
Omniauth - Facebook app doesn't run callback url after successful Facebook authentication #615
:authenticate_user! wired behaviour #614
current_user is nil, request headers are all upcased and prefixed with HTML_ #611
Problem in generated routes #607
Rails 5 API Mode - no headers in response #606
Filter chain halted as :authenticate_user! rendered or redirected #603
422 Unprocessable Entity when using local IP address #601
overriding rendering methods in devise_token_auth #597
redirect_url is missing in email instructions sent to the user for password reset #588
Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password_confirmation":"abcdefgh"} #587
can't authenticate user when opening a new download tab #582
Mails are not being sent #581
current_user seems to be nil after doing requests from different tabs #579
Do we have any rspec helpers to sign_in an user? #577
Cannot override json response of authenticate_user! #575
return custom json data after sign_in #567
/auth/validate_token works but getting 401 unauthorized when sending request with auth headers #550
Where is the access key of omniauth provider? #549
How this gem is different from a JWT system? #543
Improper formatting for JSON API error/success responses #536
Is it a hybrid authentication system? #527
check_current_password_before_update still requires password when resetting password #526
Manually authenticate for testing #521
Support for STI #517
JSON responses don't fit JSON_API requirements #512
Not working with rails 5 and devise master #504
Unpermitted parameters: confirm_success_url, config_name, registration #501
set_user_by_token not defined in production for rails 5 #500
Master branch no longer working with devise master branch (version error) #498
uid is not getting set in git revision 996b9cf23a18 #497
ve_model_serializer namespace #492
User remains logged in when using devise and devise_token_auth in the same app #486
DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 #482
validate_token - resource_name - undefined method `name' for nil:NilClass #480
Helpers being loaded for Rails API's #468
Unable to call rails g devise\_token\_auth:install within rails engine #465
locales errors.messages.already\_in\_use seems broken #463
It shows "An error occurred" after omniauth callback #445
- #444
Put Access Token in body #442
Unable to add a new param for sign up #440
Undefined method provider from devise_toke_auth concerns/user.rb #438
Scoped DeviseToken but it still affects the original Omniauth redirects. #429
Can't create user via api #422
Password Reset question, do I need my own form? #418
Large Size on Disk #415
The validate_token function in the readme is missing a parameter #413
Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module #406
change_headers_on_each_request and batch requests #403
Multiple users, returning(and creating) wrong model's auth token #399
Can't verify CSRF token authenticity #398
uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt #393
Sign in not success. #388
password length #380
Devise token auth not found routing error #379
Defining a custom primary key #378
seeing other users data after login/out with different users on ionic #375
omniauth: when redirecting, user object should not be serialized into url #368
getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser #367
omniauth callback redirect not working properly when using namespace/scope #362
invalid token in method set_user_by_token on RegistrationsController#update #357
Allow devise patch version updates #351
Error validating token #348
Allow for HTTP Basic Auth ? #337
Allow Omniauth user reset password #335
NameError (uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt) #333
Unpermitted parameters: format, session #328
devise token auth + Save Facebook auth_hash info in database #326
Error sending password reset email when not using confirmable (reopened #124) #321
Routing error / Preflight request / OPTIONS #320
delete tokens after password change #318
Can't authorize (user_signed_in? always show false) #315
Warden::SessionSerializer - wrong number of arguments (2 for 1) #312
The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController #309
Having 401 Unauthorized only with mobile #305
remove unused nickname, image from user object #304
HI, This is more of a doubt since I could not finding anything related to this in your documentation. #300
Getting 401's when making requests using iOS/Android clients #299
undefined method `tokens' for #<Hash:0x000000063f0920> #297
Confirmation URL giving bad arguments #293
set_user_by_token not called in overriden controller #291
Question: Should we send password reset instructions to unconfirmed emails? #287
NoMethodError (undefined method `[]' for nil:NilClass): #286
Facebook omniauth redirection is missing url when testing on localhost #285
No route matches [GET] "/users/facebook/callback" #280
No route matches [GET] "/omniauth/:provider" #278
How to refresh token/expiry? #275
wrong number of arguments (1 for 0): in DeviseTokenAuth::RegistrationsController#create #274
Can not save a user with nil tokens attribute #271
Shouldn't validate_token param be access-token, not auth_token? #270
include associations on login #269
Failure route not handled #262
Getting Unauthorized error even after sending the correct token, uid and client #261
Weird error message #259
undefined method `provider' for #<User:0x007f49fd5da2e8> #257
Custom Serializer like ActiveModel Serializer #249
File download with query params #246
Info: is devise_token_auth compatible with rails 3.2.19? #245
Headers required for different methods #243
Unpermitted parameters: format, session, lang #239
On sign_in, devise_token_auth expects the uid to be the same as the email #237
Name conflict with inherited_resources #236
sign_in will not fetch the token #234
Remove ('#') symbol when using html5mode in locationProvider #232
Log in request 401 error #231
User Registration - "email address already in use" when it is unique #230
Devise email validation disabled...why? #229
confirm_success_url error not working #226
pending_reconfirmation called when confirmable isn't used #224
omniauth_success.html.erb JSON bug #221
Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application #218
Where can I got token? #217
URI fragment prevent to send params in Confirmation URL #213
Generating many client tokens #210
Limit tokens hash? #208
500 error returned when no data is POSTed to registration controller #203
undefined method `match' for nil:NilClass #201
DELETE method becoming OPTIONS @ Heroku #197
40 Mb log file and 1 minute to have token with curl #195
401 unauthorized #193
GET requests to sign_in shouldn't raise an exception #190
Api not locked by default #189
Rails 4.1 #187
Unable to override OmniauthCallbacksController#redirect_callbacks #186
Token based authentication with no sessions #183
undefined method `authenticate_user!' #182
confirm_success_url shouldn't be a required param #176
Provide an OAuth implementation for native apps #175
getting an argument error when trying to use omniauth #174
Sign in via username doesn't seem to work correctly. #173
Cannot use + sign in email address. #171
How can i authenticate using curl and get private entries ! #167
Pessimistic Locking produces ArgumentError #165
POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API #162
Sign out just on client side ? #161
Unpermitted parameter: redirect_url #160
Issues using devise and devise_token_auth #159
Add role based authorization #158
Not compatible with ActiveAdmin #156
[Duplicate] is devise_invitable supported? #154
User can register with a "false" email #149
/validate_token #148
Email confirmation link #147
Tokens field on database #146
Twitter OAuth always throughs CookieOverflow #145
Is there a way to configure apiUrl for both dev and prod? #144
Getting 401 unauthorized on login attempt #142
Comparing with jwt #140
Can't get omniauth to work (error in redirect_callbacks) #139
Change controller inheritance #138
Reset Password call returns 400 for Not Found user #137
The gem is too big. Please take care of it. #136
Error when loging with facebook the second time without logout #135
OmniAuth redirect doesn't work if using the generated mount_devise_token route #133
Missing template /omniauth_response #132
Unpermitted parameter: session #130
OAuth error: We're sorry, but something went wrong #129
Would it be useful to integrate login with username ? #127
Sign in with login instead of email #126
Error sending password reset email when not using confirmable #124
Using expired token for parallel calls #123
User tokens don't properly deserialize #121
Could not load 'omniauth' #118
bad argument (expected URI object or URI string) #116
devise_token_auth for public API, but devise for rest of app? #114
Omniauthable deleted on UsersConcern : Why ? #111
Unrequired route #110
raises NoMethodError instead of displaying error when email is missing #108
Error with RailsAdmin. "The action 'new' could not be found for DeviseTokenAuth::SessionsController" #107
Circular dependency detected while autoloading constant Api #106
Can't Authenticate via cURL #105
Unpermitted parameters: user, registration #104
BCrypt::Errors::InvalidSalt errors #103
Active job token expiring integration #102
The action 'new' could not be found for DeviseTokenAuth::RegistrationsController #100
Disable confirmable #99
responders - rails 4.2 #98
forward skip to devise #97
API versioning the devise scope of token validation and ominiauth controller path will wrap up #96
Overwriting default "from" email address #94
uninitialized constant DeviseTokenAuth #92
change_headers_on_each_request not working expiry header empty #90
Gem render consistency #87
Sample Sessions Controller for logging in via Rails View. #86
Change authorization key: Use phone_number instead of email #84
Conflict with active_admin gem #83
NoMethodError in DeviseTokenAuth::OmniauthCallbacksController#redirect_callbacks #82
All the APIs are getting 'Authorized users only' #81
Is Devise option Rememberable required ? #80
Problem with skip_confirmation! #78
Cannot reset password if registered by omniauth #77
NoMethodError at /omniauth/facebook/callback - undefined method `[]' for nil:NilClass #76
Remove dependency on ActiveRecord #72
Skipping Registrations Controller Altogether #70
Problem in validate_token if the model is in a namespace #69
Cannot send confirmation email if there is no 'User' model #68
Better guidelines for contributors #65
admin namespace #63
Devise trackable module not working #62
Devise_token_auth without OmniAuth authentication #60
Reset Password error #59
Confirmable - unconfirmed email #58
Email Column Isn't Used for Database Authentication #56
Unique Key for Provider and UID Combination #55
User Info in separate table or removed #53
rename @user to @resource #48
Active_admin issue #47
Possible Logout Issue #46
Routes not appended to routes.rb #45
Return resource.errors.full_messages in addition to resource.errors #44
Devise and Devise_Token_Auth in api namespace #43
Trackable attributes are not being updated. #42
Avoid using respond_to in application controller #41
devise_token_auth assumes you want the :confirmable functionality #40
undefined method `match' for nil:NilClass #39
Expired token aren't removed when session expires #38
sign_up helper #37
self.tokens[client_id]['token'] != token #30
How is the uid generated for non-omniauth users? #29
Access to current_user variable? #28
Filter chain halted as :require_no_authentication #27
Allow additional parameters for registration #25
Cannot add more parameters at sign_up #22
Error on Registration #21
Error with authentication #20
Cascade of Issues with Omniauth(?) #18
Batch Requests Respond with Original Auth Token #17
Sign out with email provider error #16
sessions_controller.rb #12
Github login in example is broken #10
Facebook auth is broken #9
Generator is not working #8
Test ticket from Code Climate #6
Test ticket from Code Climate #5
extending the devise_token_auth user model #4
A few ideas #3
Google Oauth2 does not set cookies in production. #1

Merged pull requests:

Fix for issue #600 #674 (milep)
Fix setup config example in README #665 (guich-wo)
added bypass_sign_in for next version of Devise #663 (KendallPark)
fix method 'is_json_api' with active_model_serialier v 0.10.0 #651 (woodcrust)
Tokens count overmuch fixed #650 (JerryGreen)
updates config wrapper to conform with newer idiom #648 (bvandgrift)
Adding support for devise 4.1.1 #642 (iainmcg)
Updating Devise dependency to max 4.1.1 #641 (TGRGIT)
Fix yields from controller actions #638 (tiagojsag)
Fix generator to correctly inject content into the user model in rails 5 #636 (ethangk)
fix spelling in comment on token auth concern #632 (dandlezzz)
fixed devise deprecation warning for config.email_regexp #618 (lemuelbarango)
Revert "Update readme for headers names" #592 (y4ashida)
Update readme for headers names #589 (y4ashida)
Add info to README #585 (ghost)
Fix typo and remove trailing spaces #578 (y4ashida)
allowing authenticating using headers as well as a post request #576 (ingolfured)
Whitespace: tabs removed #574 (olleolleolle)
Added dutch translations #571 (nschmoller)
now possible to change headers names in the config file #569 (ingolfured)
User concern: Ensure fallback is in place #564 (olleolleolle)
Return resource with top-level 'type' member. #562 (ruimiguelsantos)
Fix devise mapping #540 (merqlove)
Make all json responses to be json_api compliant #537 (djsegal)
Avoid sending auth headers if while processing used token is cleared #531 (virginia-rodriguez)
Add Japanese locale and fix typo #530 (metalunk)
Added omniauth post route #528 (v3rtx)
Extract model callbacks #525 (merqlove)
create token when no client_id token #523 (charlesdg)
Fix enable_standard_devise_support in initializer #518 (halilim)
Make render_create_success render valid json_api #513 (djsegal)
Prevent raise of exception if set_user_by_token not defined #511 (jeryRazakarison)
send_on_create_confirmation_instructions callback isn't defined (rails 5) #508 (fivetwentysix)
[REBASE] Fix rails 5 deprecation and devise parameter sanitization #507 (fivetwentysix)
remove deprecations from RegistrationsController #506 (fivetwentysix)
Allow new devise version for rails 5 compatibility #499 (djsegal)
Spelling mistake #493 (Tom-Tom)
Improve Brazilian Portuguese locale #491 (ssouza)
fix namespaced mapping name #484 (paulosoares86)
Locale file for both zh-TW and zh-HK #483 (TravisTam)
Fixed typos and inconsistencies in ru.yml #478 (fertingoff)
Fixes Issue #362: Fixes for the omniauth redirection issue for namesp… #476 (devilankur18)
removing old tokens when user changes passwords #474 (paulosoares86)
Move travis to container based configuration #470 (ValentinTrinque)
Prevent helpers being loaded for Rails API’s #469 (djsegal)
Reduce dependencies to allow Rails 5.0 #467 (djsegal)
Fix locales errors.messages.already\_in\_use + clean up #466 (ValentinTrinque)
Added 401 response to failed group authentication #446 (rstrobl)
RU translations #441 (yivo)
to keep coherent with devise. pt instead of pt-PT.yml #436 (rmvenancio)
limiting the number of concurrent devices #434 (paulosoares86)
Raise error in controller method #430 (ArneZsng)
feat(enable-standard-devise): allow configurable support of legacy Devise authentication #428 (booleanbetrayal)
Support for i18n in mailers views #427 (ponyesteves)
Fix omniauthredirection when under scopes #425 (xjunior)
Translation to German #423 (haslinger)
fix(url): preserve query parameters when building urls #421 (nbrustein)
Change default message for already in use error and added to english … #417 (ponyesteves)
Issue #413 #414 (Carrigan)
Add .ruby-version entry to .gitignore #412 (xymbol)
404 for invalid link with password reset token #411 (rmvenancio)
Portuguese Translation #409 (rmvenancio)
Added polish translation. #405 (h3xed)
Drop .ruby-version file #404 (xymbol)
Implement hook methods for customized json rendering #384 (neutronz)
Feature/password reset with check fix #374 (jakubrohleder)
fix(oauth): fixes #368: do not serialize the entire user object in the url when redirecting from oauth #371 (nbrustein)
Fallback to ActiveModel translations in EmailValidator #369 (yivo)
Add a Gitter chat badge to README.md #360 (gitter-badger)
Improvements to the docs. #358 (aarongray)
Add description to readme about the devise.rb initializer. #356 (aarongray)
Correct handling namespaced resources #355 (yivo)
Fix concern not being inserted for rails-api apps. #350 (aarongray)
Add documentation to explain gotcha with rails-api. #349 (aarongray)
Fully support OmniauthCallbacksController action overrides. Fixes #186. #347 (tbloncar)
#340 Restrict access to controllers methods #341 (gkopylov)
fix(omniauth): fix error in setting text on redirect page #336 (nbrustein)
add Brazilian Portuguese translation (pt-BR) #331 (josiasds)
Tests to ensure standard devise has greater priority than tokens #330 (colavitam)
Fixed error when using standard devise authentication #329 (colavitam)
feat(improved-omniauth): omniauth sameWindow and inAppBrowser flows #323 (nbrustein)
Fix invalid omniauth redirect #322 (troggy)
Old password check before password update #317 (jakubrohleder)
Remove erroneous colon from before_action callback #310 (jmliu)
Disabled serialization for JSON type columns #306 (colavitam)
Set default provider to "email" in migration #302 (colavitam)
Fix an issue for not :confirmable users #296 (sebfie)
Update README.md #295 (adisos)
Fix MOUNT_PATH 'Read More' link #294 (jmliu)
Don't send password reset instructions to unconfirmed email #288 (coryschires)
Feature/i18n support #283 (sebfie)
Update documentation for validate_token #277 (adamgall)
Added json support for tokens #276 (shicholas)
perf(token_is_current?): add simplistic cache to reduce overhead of redundant token checks during validation calls #272 (booleanbetrayal)
perf(update_auth_header): only lock the resource if we are rotating tokens #267 (booleanbetrayal)
fix(email-validation): Update in-use email validation message during registration to allow full_message use #255 (booleanbetrayal)
fix(session#new): fix unhandled 500 when logging in with valid user and bad password #254 (mathemagica)
feat(ominauth): support json-formatted values in omniauth callback. #252 (nbrustein)
fix(sessions controller): call reset_session on destroy #251 (nbrustein)
fix(resource_class): support optional mapping property from set_user_by_token #250 (booleanbetrayal)
Allow current_password to be supplied when updating profile. #240 (jasonswett)
fixes password reset when not using confirmable #225 (aesnyder)
Fix error when email missing from registration params #220 (iangreenleaf)
URI fragment should appear at the end of URL #214 (edymerchk)
Super block yield (all controllers) #209 (sgwilym)
Super block yield #207 (sgwilym)
Ability to localize error message #206 (lda)
remove fragment sign ("#") from URLs without fragment #205 (tomdov)
Return 422 (was 500) when empty body for sign up and account update #204 (mchavarriagam)
Users with allowed unconfirmed access can now log in successfully. #202 (colavitam)
Authenticating an existing Warden/Devise User #200 (nickL)
GET sign_in should direct people to use POST sign_in rather than raising exception #191 (milesmatthias)
Ignore 'extra' in Twitter auth response to avoid CookieOverflow. Fixes #145. #179 (tbloncar)
Some missing as_json ? #152 (nicolas-besnard)
Check email format on registration #150 (nicolas-besnard)
Actual header key uses dashes, not underscores. #143 (ragaskar)
Username register login #128 (nicolas-besnard)
Check if confirmable is active before skipping confirmation #125 (nicolas-besnard)
Fix links to section about controller integration. #117 (Le6ow5k1)
document GET for /validate_token #113 (lukaselmer)
Fix small error in documentation. #91 (edgarhenriquez)
Exclude devise modules #85 (jartek)
fix(registration and update): Ensure UID is updated alongside Email, and case-sensitivity is honored #71 (booleanbetrayal)
Add better guidelines for contributors. #67 (edgarhenriquez)
Use resource_class to override email confirmation. #64 (edgarhenriquez)
fix(case-sensitivity): support devise case_insensitive_keys for session ... #57 (booleanbetrayal)
fix(contention): fix write contention in update_auth_headers and always ... #52 (booleanbetrayal)
Include resource.errors.full_messages in error response. #50 (jasonswett)
fix(expiry): fix an issue where token expiration checks were too permissive #49 (booleanbetrayal)
Update README with Example Generator Command #35 (wwilkins)
Remove OmniAuth dependency #26 (hannahhoward)
Update README.md #24 (davidsavoya)
guard against MissingAttributeError during common ActiveRecord operations #19 (booleanbetrayal)
Fix expiry data type #11 (lonre)
README and travis config tweaks #7 (guilhermesimoes)

Change Log

0.1.37 (2016-01-26)

Full Changelog

Closed issues:

Not working with rails 5 and devise master #504
Unpermitted parameters: confirm_success_url, config_name, registration #501
Master branch no longer working with devise master branch (version error) #498
uid is not getting set in git revision 996b9cf23a18 #497
ve_model_serializer namespace #492
User remains logged in when using devise and devise_token_auth in the same app #486
DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 #482
validate_token - resource_name - undefined method `name' for nil:NilClass #480
Helpers being loaded for Rails API's #468
locales errors.messages.already\_in\_use seems broken #463
omniauth callback redirect not working properly when using namespace/scope #362
delete tokens after password change #318

Merged pull requests:

send_on_create_confirmation_instructions callback isn't defined (rails 5) #508 (fivetwentysix)
[REBASE] Fix rails 5 deprecation and devise parameter sanitization #507 (fivetwentysix)
remove deprecations from RegistrationsController #506 (fivetwentysix)
Allow new devise version for rails 5 compatibility #499 (djsegal)
Spelling mistake #493 (Tom-Tom)
Improve Brazilian Portuguese locale #491 (ssouza)
fix namespaced mapping name #484 (paulosoares86)
Locale file for both zh-TW and zh-HK #483 (TravisTam)
Fixed typos and inconsistencies in ru.yml #478 (fertingoff)
Fixes Issue #362: Fixes for the omniauth redirection issue for namesp… #476 (devilankur18)
removing old tokens when user changes passwords #474 (paulosoares86)
Move travis to container based configuration #470 (ValentinTrinque)
Prevent helpers being loaded for Rails API’s #469 (djsegal)
Reduce dependencies to allow Rails 5.0 #467 (djsegal)
Fix locales errors.messages.already\_in\_use + clean up #466 (ValentinTrinque)
Fix omniauthredirection when under scopes #425 (xjunior)

v0.1.37.beta4 (2015-12-10)

Full Changelog

Closed issues:

It shows "An error occurred" after omniauth callback #445
- #444
Put Access Token in body #442
Unable to add a new param for sign up #440
Undefined method provider from devise_toke_auth concerns/user.rb #438
Scoped DeviseToken but it still affects the original Omniauth redirects. #429
Can't create user via api #422
change_headers_on_each_request and batch requests #403
password length #380
The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController #309
undefined method `tokens' for #<Hash:0x000000063f0920> #297
Generating many client tokens #210

Merged pull requests:

RU translations #441 (yivo)
to keep coherent with devise. pt instead of pt-PT.yml #436 (rmvenancio)
limiting the number of concurrent devices #434 (paulosoares86)
Raise error in controller method #430 (ArneZsng)
feat(enable-standard-devise): allow configurable support of legacy Devise authentication #428 (booleanbetrayal)
Support for i18n in mailers views #427 (ponyesteves)
Translation to German #423 (haslinger)
fix(url): preserve query parameters when building urls #421 (nbrustein)
Fallback to ActiveModel translations in EmailValidator #369 (yivo)

v0.1.37.beta3 (2015-10-27)

Full Changelog

Closed issues:

Password Reset question, do I need my own form? #418
seeing other users data after login/out with different users on ionic #375

v0.1.37.beta2 (2015-10-25)

Full Changelog

Closed issues:

The validate_token function in the readme is missing a parameter #413

Merged pull requests:

Change default message for already in use error and added to english … #417 (ponyesteves)
Issue #413 #414 (Carrigan)
404 for invalid link with password reset token #411 (rmvenancio)

v0.1.37.beta1 (2015-10-25)

Full Changelog

Closed issues:

Large Size on Disk #415
Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module #406
uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt #393
Devise token auth not found routing error #379
undefined method `match' for nil:NilClass #201

Merged pull requests:

Add .ruby-version entry to .gitignore #412 (xymbol)
Portuguese Translation #409 (rmvenancio)
Drop .ruby-version file #404 (xymbol)
Feature/password reset with check fix #374 (jakubrohleder)

v0.1.36 (2015-10-13)

Full Changelog

v0.1.35 (2015-10-13)

Full Changelog

Fixed bugs:

Generator doesn't work correctly with mongoid and/or rails-api #14

Closed issues:

Multiple users, returning(and creating) wrong model's auth token #399
Sign in not success. #388
Defining a custom primary key #378
omniauth: when redirecting, user object should not be serialized into url #368
getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser #367
invalid token in method set_user_by_token on RegistrationsController#update #357
Allow devise patch version updates #351
Error validating token #348
Allow for HTTP Basic Auth ? #337
Allow Omniauth user reset password #335
NameError (uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt) #333
Unpermitted parameters: format, session #328
devise token auth + Save Facebook auth_hash info in database #326
Error sending password reset email when not using confirmable (reopened #124) #321
Facebook omniauth redirection is missing url when testing on localhost #285
Failure route not handled #262
Unable to override OmniauthCallbacksController#redirect_callbacks #186

Merged pull requests:

Added polish translation. #405 (h3xed)
Implement hook methods for customized json rendering #384 (neutronz)
fix(oauth): fixes #368: do not serialize the entire user object in the url when redirecting from oauth #371 (nbrustein)
Add a Gitter chat badge to README.md #360 (gitter-badger)
Improvements to the docs. #358 (aarongray)
Add description to readme about the devise.rb initializer. #356 (aarongray)
Correct handling namespaced resources #355 (yivo)
Fix concern not being inserted for rails-api apps. #350 (aarongray)
Add documentation to explain gotcha with rails-api. #349 (aarongray)
Fully support OmniauthCallbacksController action overrides. Fixes #186. #347 (tbloncar)
#340 Restrict access to controllers methods #341 (gkopylov)
fix(omniauth): fix error in setting text on redirect page #336 (nbrustein)
Fix invalid omniauth redirect #322 (troggy)

v0.1.34 (2015-08-10)

Full Changelog

Implemented enhancements:

Rails generator to update views #33
Extract Omniauth attributes assignation into a method #31

Fixed bugs:

Generator issues #13

Closed issues:

Routing error / Preflight request / OPTIONS #320
Can't authorize (user_signed_in? always show false) #315
Warden::SessionSerializer - wrong number of arguments (2 for 1) #312
Having 401 Unauthorized only with mobile #305
remove unused nickname, image from user object #304
HI, This is more of a doubt since I could not finding anything related to this in your documentation. #300
Getting 401's when making requests using iOS/Android clients #299
Confirmation URL giving bad arguments #293
set_user_by_token not called in overriden controller #291
Question: Should we send password reset instructions to unconfirmed emails? #287
No route matches [GET] "/users/facebook/callback" #280
No route matches [GET] "/omniauth/:provider" #278
How to refresh token/expiry? #275
wrong number of arguments (1 for 0): in DeviseTokenAuth::RegistrationsController#create #274
Can not save a user with nil tokens attribute #271
Shouldn't validate_token param be access-token, not auth_token? #270
include associations on login #269
Getting Unauthorized error even after sending the correct token, uid and client #261
Weird error message #259
undefined method `provider' for #<User:0x007f49fd5da2e8> #257
File download with query params #246
Info: is devise_token_auth compatible with rails 3.2.19? #245
Headers required for different methods #243
Unpermitted parameters: format, session, lang #239
On sign_in, devise_token_auth expects the uid to be the same as the email #237
Name conflict with inherited_resources #236
sign_in will not fetch the token #234
Log in request 401 error #231
User Registration - "email address already in use" when it is unique #230
Devise email validation disabled...why? #229
confirm_success_url error not working #226
pending_reconfirmation called when confirmable isn't used #224
omniauth_success.html.erb JSON bug #221
Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application #218
Where can I got token? #217
URI fragment prevent to send params in Confirmation URL #213
Limit tokens hash? #208
500 error returned when no data is POSTed to registration controller #203
DELETE method becoming OPTIONS @ Heroku #197
40 Mb log file and 1 minute to have token with curl #195
401 unauthorized #193
GET requests to sign_in shouldn't raise an exception #190
Api not locked by default #189
Rails 4.1 #187
Token based authentication with no sessions #183
undefined method `authenticate_user!' #182
confirm_success_url shouldn't be a required param #176
Provide an OAuth implementation for native apps #175
getting an argument error when trying to use omniauth #174
Sign in via username doesn't seem to work correctly. #173
Cannot use + sign in email address. #171
How can i authenticate using curl and get private entries ! #167
Pessimistic Locking produces ArgumentError #165
POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API #162
Sign out just on client side ? #161
Unpermitted parameter: redirect_url #160
Issues using devise and devise_token_auth #159
Add role based authorization #158
Not compatible with ActiveAdmin #156
[Duplicate] is devise_invitable supported? #154
User can register with a "false" email #149
/validate_token #148
Email confirmation link #147
Tokens field on database #146
Twitter OAuth always throughs CookieOverflow #145
Is there a way to configure apiUrl for both dev and prod? #144
Getting 401 unauthorized on login attempt #142
Comparing with jwt #140
Can't get omniauth to work (error in redirect_callbacks) #139
Change controller inheritance #138
Reset Password call returns 400 for Not Found user #137
The gem is too big. Please take care of it. #136
Error when loging with facebook the second time without logout #135
OmniAuth redirect doesn't work if using the generated mount_devise_token route #133
Missing template /omniauth_response #132
Unpermitted parameter: session #130
OAuth error: We're sorry, but something went wrong #129
Would it be useful to integrate login with username ? #127
Sign in with login instead of email #126
Error sending password reset email when not using confirmable #124
Using expired token for parallel calls #123
User tokens don't properly deserialize #121
Could not load 'omniauth' #118
bad argument (expected URI object or URI string) #116
devise_token_auth for public API, but devise for rest of app? #114
Omniauthable deleted on UsersConcern : Why ? #111
Unrequired route #110
raises NoMethodError instead of displaying error when email is missing #108
Error with RailsAdmin. "The action 'new' could not be found for DeviseTokenAuth::SessionsController" #107
Circular dependency detected while autoloading constant Api #106
Can't Authenticate via cURL #105
Unpermitted parameters: user, registration #104
BCrypt::Errors::InvalidSalt errors #103
Active job token expiring integration #102
The action 'new' could not be found for DeviseTokenAuth::RegistrationsController #100
Disable confirmable #99
responders - rails 4.2 #98
forward skip to devise #97
API versioning the devise scope of token validation and ominiauth controller path will wrap up #96
Overwriting default "from" email address #94
uninitialized constant DeviseTokenAuth #92
change_headers_on_each_request not working expiry header empty #90
Gem render consistency #87
Sample Sessions Controller for logging in via Rails View. #86
Change authorization key: Use phone_number instead of email #84
Conflict with active_admin gem #83
NoMethodError in DeviseTokenAuth::OmniauthCallbacksController#redirect_callbacks #82
All the APIs are getting 'Authorized users only' #81
Is Devise option Rememberable required ? #80
Problem with skip_confirmation! #78
Cannot reset password if registered by omniauth #77
NoMethodError at /omniauth/facebook/callback - undefined method `[]' for nil:NilClass #76
Skipping Registrations Controller Altogether #70
Problem in validate_token if the model is in a namespace #69
Cannot send confirmation email if there is no 'User' model #68
Better guidelines for contributors #65
admin namespace #63
Devise trackable module not working #62
Devise_token_auth without OmniAuth authentication #60
Reset Password error #59
Confirmable - unconfirmed email #58
Email Column Isn't Used for Database Authentication #56
Unique Key for Provider and UID Combination #55
User Info in separate table or removed #53
rename @user to @resource #48
Active_admin issue #47
Possible Logout Issue #46
Routes not appended to routes.rb #45
Return resource.errors.full_messages in addition to resource.errors #44
Devise and Devise_Token_Auth in api namespace #43
Trackable attributes are not being updated. #42
Avoid using respond_to in application controller #41
devise_token_auth assumes you want the :confirmable functionality #40
undefined method `match' for nil:NilClass #39
Expired token aren't removed when session expires #38
sign_up helper #37
self.tokens[client_id]['token'] != token #30
How is the uid generated for non-omniauth users? #29
Access to current_user variable? #28
Filter chain halted as :require_no_authentication #27
Allow additional parameters for registration #25
Cannot add more parameters at sign_up #22
Error on Registration #21
Error with authentication #20
Cascade of Issues with Omniauth(?) #18
Batch Requests Respond with Original Auth Token #17
Sign out with email provider error #16
sessions_controller.rb #12
Github login in example is broken #10
Facebook auth is broken #9
Generator is not working #8
Test ticket from Code Climate #6
Test ticket from Code Climate #5
extending the devise_token_auth user model #4
A few ideas #3
Google Oauth2 does not set cookies in production. #1

Merged pull requests:

add Brazilian Portuguese translation (pt-BR) #331 (josiasds)
Tests to ensure standard devise has greater priority than tokens #330 (colavitam)
Fixed error when using standard devise authentication #329 (colavitam)
feat(improved-omniauth): omniauth sameWindow and inAppBrowser flows #323 (nbrustein)
Old password check before password update #317 (jakubrohleder)
Remove erroneous colon from before_action callback #310 (jmliu)
Disabled serialization for JSON type columns #306 (colavitam)
Set default provider to "email" in migration #302 (colavitam)
Fix an issue for not :confirmable users #296 (sebfie)
Update README.md #295 (adisos)
Fix MOUNT_PATH 'Read More' link #294 (jmliu)
Don't send password reset instructions to unconfirmed email #288 (coryschires)
Feature/i18n support #283 (sebfie)
Update documentation for validate_token #277 (adamgall)
Added json support for tokens #276 (shicholas)
perf(token_is_current?): add simplistic cache to reduce overhead of redundant token checks during validation calls #272 (booleanbetrayal)
perf(update_auth_header): only lock the resource if we are rotating tokens #267 (booleanbetrayal)
fix(email-validation): Update in-use email validation message during registration to allow full_message use #255 (booleanbetrayal)
fix(session#new): fix unhandled 500 when logging in with valid user and bad password #254 (mathemagica)
feat(ominauth): support json-formatted values in omniauth callback. #252 (nbrustein)
fix(sessions controller): call reset_session on destroy #251 (nbrustein)
fix(resource_class): support optional mapping property from set_user_by_token #250 (booleanbetrayal)
Allow current_password to be supplied when updating profile. #240 (jasonswett)
fixes password reset when not using confirmable #225 (aesnyder)
Fix error when email missing from registration params #220 (iangreenleaf)
URI fragment should appear at the end of URL #214 (edymerchk)
Super block yield (all controllers) #209 (sgwilym)
Super block yield #207 (sgwilym)
Ability to localize error message #206 (lda)
remove fragment sign ("#") from URLs without fragment #205 (tomdov)
Return 422 (was 500) when empty body for sign up and account update #204 (mchavarriagam)
Users with allowed unconfirmed access can now log in successfully. #202 (colavitam)
Authenticating an existing Warden/Devise User #200 (nickL)
GET sign_in should direct people to use POST sign_in rather than raising exception #191 (milesmatthias)
Ignore 'extra' in Twitter auth response to avoid CookieOverflow. Fixes #145. #179 (tbloncar)
Some missing as_json ? #152 (nicolas-besnard)
Check email format on registration #150 (nicolas-besnard)
Actual header key uses dashes, not underscores. #143 (ragaskar)
Username register login #128 (nicolas-besnard)
Check if confirmable is active before skipping confirmation #125 (nicolas-besnard)
Fix links to section about controller integration. #117 (Le6ow5k1)
document GET for /validate_token #113 (lukaselmer)
Fix small error in documentation. #91 (edgarhenriquez)
Exclude devise modules #85 (jartek)
fix(registration and update): Ensure UID is updated alongside Email, and case-sensitivity is honored #71 (booleanbetrayal)
Add better guidelines for contributors. #67 (edgarhenriquez)
Use resource_class to override email confirmation. #64 (edgarhenriquez)
fix(case-sensitivity): support devise case_insensitive_keys for session ... #57 (booleanbetrayal)
fix(contention): fix write contention in update_auth_headers and always ... #52 (booleanbetrayal)
Include resource.errors.full_messages in error response. #50 (jasonswett)
fix(expiry): fix an issue where token expiration checks were too permissive #49 (booleanbetrayal)
Update README with Example Generator Command #35 (wwilkins)
Remove OmniAuth dependency #26 (hannahhoward)
Update README.md #24 (davidsavoya)
guard against MissingAttributeError during common ActiveRecord operations #19 (booleanbetrayal)
Fix expiry data type #11 (lonre)
README and travis config tweaks #7 (guilhermesimoes)

* This Change Log was automatically generated by github_changelog_generator

Files

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

Change Log

v1.2.3 (2023-11-13)

v1.2.2 (2023-06-11)

v1.2.1 (2022-09-10)

v1.2.0 (2021-07-19)

v1.1.5 (2020-12-08)

v1.1.4 (2020-06-02)

Change Log

Unreleased

v1.2.2 (2023-06-11)

v1.2.1 (2022-09-10)

v1.2.0 (2021-07-19)

v1.1.5 (2020-12-08)

v1.1.4 (2020-06-02)

Change Log

v1.2.2 (2023-06-11)

v1.2.1 (2022-09-10)

v1.2.0 (2021-07-19)

v1.1.5 (2020-12-08)

v1.1.4 (2020-06-02)

Change Log

Unreleased

v1.2.0 (2021-07-19)

v1.1.5 (2020-12-08)

v1.1.4 (2020-06-02)

Changelog

v1.1.4 (2020-06-02)

Change Log

v1.1.3 (2019-09-26)

v1.1.2 (2019-08-24)

v1.1.1 (2019-08-18)

Change Log

v1.1.0 (2019-03-18)

v1.0.0 (2018-10-23)

v1.0.0rc2 (2018-09-21)

v0.2.0 (2018-08-10)

v1.0.0rc1 (2018-08-10)

v0.1.43 (2018-03-07)

v0.1.43.beta1 (2017-11-13)

Change Log

v0.1.43

Change Log

v0.1.42 (2017-05-17)

Change Log

v0.1.41

Change Log

v0.1.40 (2017-01-20)

Change Log

v0.1.39 (2016-08-16)

0.1.38

Change Log

0.1.37 (2016-01-26)

v0.1.37.beta4 (2015-12-10)

v0.1.37.beta3 (2015-10-27)

v0.1.37.beta2 (2015-10-25)

v0.1.37.beta1 (2015-10-25)

v0.1.36 (2015-10-13)

v0.1.35 (2015-10-13)

v0.1.34 (2015-08-10)