Attaching Access Token in other requests

[egimenos]

Hello, this is more a doubt than a proper issue.

I am buliding a feature for users to edit some of the custom User fields (name, avatar).

After succesfully editing, I want to rebuild the token with the new fields and attach the access token to the response request, so the frontend can grab the token after the update action and properly syncronize these fields in the client.

I thought that I could use the method create_token_and_set_header(resource, resource_name) just before responding, so I implemented it this way:

class Api::V1::UsersController < Api::V1::BaseController
  before_action :authenticate_and_set_user
  def show
    render_object(current_user, :ok)
  end

  def update
    if current_user.update(user_params)
      create_token_and_set_header(current_user, User)
      render_object(current_user, :ok)
    else
      render_errors(current_user)
    end
  end

  private

  def user_params
    params.require(:user).permit(:name, :avatar)
  end
end

The token is being generated with the right custom fields updated, and the token is being attached to the request, so I can grab it in the client. The problem is that all the requests being make with this new token result in 401 error.

What I am missing?.

Thanks in advance!

[Gokul595]

@egimenos Try passing the 2nd argument to the method create_token_and_set_header as 'user' instead of User, it should work.

E.g. create_token_and_set_header(current_user, 'user')

[egimenos]

It definitely works this way. I was sure that was the first I tried and I received an error, not sure what happened.

Anyway, thank you very much for your support and your work with this gem 👍

[Gokul595]

@egimenos If you don't mind, can you please share some info about why you are generating a new token when old one is still valid? Do you have any data of user encoded in the token which will be used in other requests?

[egimenos]

Sure. I am passing some custom data in the token claims (avatar, name) that I use in my frontend. When the user logins, I get the token from the response and store it in localstorage, then these fields that comes with the token are used in the UI. When a user updates data in a profile form such as the name, after succesfully update this info in the backend I want the response to include a new token with the updated claims so everything is synced between the UI and the backend.

[Gokul595]

Great. Thanks for sharing 👍

[Gokul595]

@egimenos FYI, I have converted the issue to a discussion.