self.tokens[client_id]['token'] != token

[ethier]

In both the token_is_current? and token_can_be_reused? method there is this line:

token_is_current?:
BCrypt::Password.new(self.tokens[client_id]['last_token']) == token

token_can_be_reused?:
BCrypt::Password.new(self.tokens[client_id]['last_token']) == token

This evaluates to false when using ng-token-auth in both methods as the token param is considerably different than the BCrypt version.

For example, this is the token param for a request:
fUq6YJdVqcoj_-xVzfJcWw

This is the self.tokens[client_id]['token']:
$2a$10$roX/NChL8GaZ5q0rS20wa.yILnY8n6RsONPtmGUy.IUqPnL.NIkle

All of this is using a vanilla device_token_auth install and default ng-token-auth (just the apiUrl specified) setup so I'm a bit stumped as to why these values are not equal.

Any ideas?

[lynndylanhurley]

Tokens are never stored directly to the database. Instead they are hashed using the same measures that Devise uses to hash passwords.

BCrypt actually overrides the == operator so that the compared token runs through the same encryption that the original token went through. The results of the encryption are compared to what is saved in the database.

Can you expand on the problem? Is the request actually failing with a 401 error?

[lynndylanhurley]

Marking as closed. Please provide more context before re-opening.

[ethier]

Yeah, sorry about that. Got sidetracked on another project. I updated to the latest beta and everything started working as expected. I was comparing the differences in versions, but nothing stood out so I'm not sure what was happening.