ActionController::InvalidAuthenticityToken for fresh install about graphql_devise HOT 6 CLOSED

Ok! So, as described in the Readme file, support for standard devise together with this gem is experimental and I know for a fact that some things might misbehave. But in general, there's usually a way to make it work. But for your main problem, this is the best solution I have found and the one I use (kind of) https://devise-token-auth.gitbook.io/devise-token-auth/faq#another-method-for-using-this-gem-alongside-standard-devise-updated-may-2018

So what happens is that we inherit from devise token auths controller, they inherit from Devise, and Devise inherits from your App's ApplicationController. And we can't change that in this gem (maybe in the future). So the gist of the solution is as follows:

Have a naked ApplicationController that doesn't protect from forgery or any other thing you might already have on your application controller.
Create a new controller for the full-stack side (mine is called ApplicationMainController) than inherits from application controller

ApplicationMainController < ApplicationController
Then make every full-stack controller in your app inherit from the new ApplicationMainController
. Make ApplicationMainController protect_from_forgery and everything you need for the full-stack app.

And then create another API controller that you probably already have that could go like this:

ApiController < ApplicationController

And that should do it, the main thing about this is having ApplicationController as plain as possible, specially not protecting from forgery.

I know it works! But let me know if I was unclear about something.

from graphql_devise.

Hey @single-stop-rj! I see what's going on there. So you are running this API alongside a regular full-stack rails app? If so, do you use standard devise there?

from graphql_devise.

It all makes sense now. Ok. Thank you so much.

from graphql_devise.

Yes. Thats exactly what I have!

I also have added the config item

config.enable_standard_devise_support = true in the init file, if that helps.

from graphql_devise.

Mmm just an additional note @single-stop-rj what I suggested will actually remove forgery_protection from your standard devise controllers, which is not ideal. I'll see what we can do in this gem to not force you to do that.

from graphql_devise.

@single-stop-rj #93 will take care of this, forgery_protection should not be a problem anymore and you don't have to change anything in order to avoid it. But, if you are using regular devise and if you were calling before_action :authenticate_user! in your ApplicationController, you will still need to change your controller structure as I described before.

from graphql_devise.