donkey-hotei/authenticate_via_api.rb

## authenticate_via_api.rb
# in /controllers/api/sessions_controller.rb
module Api
  class SessionsController < Devise::SessionsController
    skip_before_action :verify_authenticity_token, only: [:create, :facebook]
    respond_to :json

    # ...

    def create
      @user = warden.authenticate(scope: resource_name, recall: "#{controller_path}#new")

      if @user.nil?
        invalid_login("Invalid email or password")
      elsif @user.provider == "facebook"
        invalid_login("Must sign in via Facebook")
      else
        @user.auth_tokens.create!
        render "api/users/show"
      end
    end

    # ...

end


# in routes.rb
Rails.application.routes.draw do

  # ...

  namespace :api, defaults: { format: "json" } do
    devise_scope :user do
      post "/users/sign_in", to: "sessions#create"
      post "/users/fb_auth", to: "sessions#facebook"
      post "/users/password", to: "passwords#create"
    end

  # ...
end
	# in /controllers/api/sessions_controller.rb
	module Api
	class SessionsController < Devise::SessionsController
	skip_before_action :verify_authenticity_token, only: [:create, :facebook]
	respond_to :json

	# ...

	def create
	@user = warden.authenticate(scope: resource_name, recall: "#{controller_path}#new")

	if @user.nil?
	invalid_login("Invalid email or password")
	elsif @user.provider == "facebook"
	invalid_login("Must sign in via Facebook")
	else
	@user.auth_tokens.create!
	render "api/users/show"
	end
	end

	# ...

	end


	# in routes.rb
	Rails.application.routes.draw do

	# ...

	namespace :api, defaults: { format: "json" } do
	devise_scope :user do
	post "/users/sign_in", to: "sessions#create"
	post "/users/fb_auth", to: "sessions#facebook"
	post "/users/password", to: "passwords#create"
	end

	# ...
	end