Return the session cookie

We had a call about this. In short, we could reuse access tokens but then the user would see access tokens for every mobile device they have without any indication as to what is going on. So, since this really is just logging in instead of an integration which seems to be the primary purpose of access tokens, we can just use our regular session cookie for authentication.
This commit is contained in:
Stanko K.R.
2025-12-05 17:54:58 +01:00
parent 58a92f0bb7
commit c0a0786539
2 changed files with 5 additions and 10 deletions
@@ -34,16 +34,11 @@ class Sessions::MagicLinksController < ApplicationController
def respond_to_valid_code_from(magic_link)
if email_address_pending_authentication_matches?(magic_link.identity.email_address)
respond_to do |format|
format.html do
start_new_session_for magic_link.identity
redirect_to after_sign_in_url(magic_link)
end
start_new_session_for magic_link.identity
format.json do
new_access_token = magic_link.identity.access_tokens.create!(permission: :write)
render json: { access_token: new_access_token.token }
end
respond_to do |format|
format.html { redirect_to after_sign_in_url(magic_link) }
format.json { render json: { session_token: cookies[:session_token] } }
end
else
alert_message = "Authentication failed. Please try again."