Return the session cookie

We had a call about this. In short, we could reuse access tokens but then the user would see access tokens for every mobile device they have without any indication as to what is going on. So, since this really is just logging in instead of an integration which seems to be the primary purpose of access tokens, we can just use our regular session cookie for authentication.
This commit is contained in:
Stanko K.R.
2025-12-05 17:54:58 +01:00
parent 58a92f0bb7
commit c0a0786539
2 changed files with 5 additions and 10 deletions
+1 -1
View File
@@ -20,7 +20,7 @@ class ApiTest < ActionDispatch::IntegrationTest
untenanted do
post session_magic_link_path(format: :json), params: { code: magic_link.code }
assert_response :success
assert @response.parsed_body["access_token"].present?
assert @response.parsed_body["session_token"].present?
end
end