Devise TokenAuth and Authorization Headers

I was writing an API in Rails a while back and as I started to write the client I noticed that, while using Devise’s TokenAuthenticatable strategy, there was no other way to pass the token in besides the ?token=XXXX parameter.

This was a little odd since you would expect something like a token to be able to be passed in through the Authorization headers. I ended up writing a custom Devise strategy that will now allow you to pass your user’s token in via the Authorization header.

Note: This is dependent on Rails’ ActionController::HttpAuthentication::Token parser, but that can easily be removed if you need to. The token is pretty simple to deconstruct.
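To show what deconstructing the header without the Rails parser can look like, here is an added example (not the gist and not Devise's code). It parses the `Authorization: Token token="..."` form that Rails' Token scheme uses, fails closed on anything malformed, and compares tokens in constant time; `parse_token_header`, `secure_equal?`, `authenticate` and the `USERS` table are hypothetical names with constructed data.

```ruby
require "digest"

# Credentials look like: Token token="abc123", email="a@example.com"
TOKEN_SCHEME = /\AToken\s+/i
PARAM        = /\A([A-Za-z_][\w-]*)=(?:"([^"]*)"|([^\s",]+))\z/

# Returns [token, options], or nil when the header is missing, uses another
# scheme (Basic, Bearer, ...), is malformed, or has no token. Values that
# contain commas are not supported and are rejected rather than guessed at.
def parse_token_header(header)
  return nil unless header.is_a?(String) && header.match?(TOKEN_SCHEME)

  params = {}
  header.sub(TOKEN_SCHEME, "").split(/\s*,\s*/).each do |pair|
    m = PARAM.match(pair.strip)
    return nil unless m # fail closed on anything unparseable

    params[m[1]] = m[2] || m[3]
  end
  token = params.delete("token")
  token.nil? || token.empty? ? nil : [token, params]
end

# Constant-time comparison: hashing first gives equal-length inputs, and the
# XOR/OR loop always visits every byte regardless of where they differ.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Constructed sample data standing in for the user table.
USERS = { "alice" => "s3cr3t-constructed-token" }.freeze

# Returns the matching user name, or nil when authentication fails.
def authenticate(header, users = USERS)
  token, _options = parse_token_header(header)
  return nil unless token

  match = nil
  users.each { |name, stored| match = name if secure_equal?(stored, token) }
  match
end
```
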

Note 2: I submitted a pull request which was merged into devise/master - see plataformatec/devise PullRequest #2271 for some context.

Here is the gist, should you not be able to update to the latest Devise.

View Gist