Return the session cookie
We had a call about this. In short, we could reuse access tokens but then the user would see access tokens for every mobile device they have without any indication as to what is going on. So, since this really is just logging in instead of an integration which seems to be the primary purpose of access tokens, we can just use our regular session cookie for authentication.
This commit is contained in:
@@ -20,7 +20,7 @@ class ApiTest < ActionDispatch::IntegrationTest
|
||||
untenanted do
|
||||
post session_magic_link_path(format: :json), params: { code: magic_link.code }
|
||||
assert_response :success
|
||||
assert @response.parsed_body["access_token"].present?
|
||||
assert @response.parsed_body["session_token"].present?
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user