Devise Token Auth - Not returning tokens to client

Setting up devise_token_auth.

Keep running in to issues in the source code.

Ex:

def token_validation_response
  as_json(except: %i[tokens created_at updated_at])
end

It will be called from:

SessionsController::create > render_create_success > token_validation_response

It is my understanding that you need to get the token to the client and store it on the client side and send it with each request. I am not sure how this is supposed to work if we do not give the token to the client and except it.

except: %i[tokens created_at updated_at]

Links to source: https://github.com/lynndylanhurley/devise_token_auth/blob/c92258038c05fcc8f6a0374ccce2e63b9f8d5312/app/controllers/devise_token_auth/sessions_controller.rb#L36

https://github.com/lynndylanhurley/devise_token_auth/blob/c92258038c05fcc8f6a0374ccce2e63b9f8d5312/app/models/devise_token_auth/concerns/user.rb#L205

Maybe this might be useful to someone. The token comes in the header not the body.

Update:

I also needed to work around client side cors issues.

A few options that helped:

Vue Axios CORS policy: No 'Access-Control-Allow-Origin'

https://blog.bitsrc.io/how-and-why-you-should-avoid-cors-in-single-page-apps-db25452ad2f8

The easiest solution was executing chrome the command line:

open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_test" --disable-web-security

Source: https://alfilatov.com/posts/run-chrome-without-cors/