Using auth_token from request headers instead from POST/PUT parameters with Rails 3 / devise

Question

I need to use token based authentication in a Rails 3.1 API in conjunction with the most recent version of devise. No problem so far.

Now I do not want to append my :au

Answer 1

It is possible in Devise to pass a standard authentication token through query string or the header for HTTP Basic Authentication, see here. The Ruby code from the specs to pass token in the HTTP_Authorization header is

header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header

Testing from the command line with curl would go like this:

echo  "HUGP59gXsd7773a75Dvc:X" | base64
=> SFVHUDU5Z1hzZDc3NzNhNzVEdmM6WAo=
curl --header "Authorization: Basic SFVHUDU5Z1hzZDc3NzNhNzVEdmM6WAo=" \ 
     http://localhost/users.xml