Return the session cookie
We had a call about this. In short, we could reuse access tokens but then the user would see access tokens for every mobile device they have without any indication as to what is going on. So, since this really is just logging in instead of an integration which seems to be the primary purpose of access tokens, we can just use our regular session cookie for authentication.
This commit is contained in:
@@ -34,16 +34,11 @@ class Sessions::MagicLinksController < ApplicationController
|
||||
|
||||
def respond_to_valid_code_from(magic_link)
|
||||
if email_address_pending_authentication_matches?(magic_link.identity.email_address)
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
start_new_session_for magic_link.identity
|
||||
redirect_to after_sign_in_url(magic_link)
|
||||
end
|
||||
start_new_session_for magic_link.identity
|
||||
|
||||
format.json do
|
||||
new_access_token = magic_link.identity.access_tokens.create!(permission: :write)
|
||||
render json: { access_token: new_access_token.token }
|
||||
end
|
||||
respond_to do |format|
|
||||
format.html { redirect_to after_sign_in_url(magic_link) }
|
||||
format.json { render json: { session_token: cookies[:session_token] } }
|
||||
end
|
||||
else
|
||||
alert_message = "Authentication failed. Please try again."
|
||||
|
||||
Reference in New Issue
Block a user