What is the best way to find a registered user with token authentication? The way I currently do it is to query the db for the token the app sends to access the API. E.g. 'user = User.where(:authentication_token => params[:authtoken]).first'. Is this safe?
I have seen code that uses warden.authenticate and another that does the following: the client sends the email along with the authtoken. It then uses the email to find the user and then does a Devise secure compare between the sent token and the token of the user it found in the db email query. This was the solution in the Devise token authenticatable gist to roll your own token auth.
Should I be sending an email along with the token in every request?
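The two lookup patterns described in the question, side by side, as an added example that is not part of the original post and is not code from Devise or the gist. Assumptions: the in-memory `USERS` list stands in for the users table, the records and tokens are constructed, and the local `secure_compare` is a plain-Ruby stand-in for Devise's secure compare, so the block runs without Rails.

```ruby
require "digest"

# Constructed stand-in for the users table (hypothetical records, not from the post).
User = Struct.new(:email, :authentication_token)
USERS = [
  User.new("alice@example.com", "tok_alice_1f9c2e7a"),
  User.new("bob@example.com",   "tok_bob_77aa01d3"),
].freeze

# Stand-in for Devise's secure compare: every byte is examined, so the run
# time does not depend on where the first mismatch occurs. Hashing first
# gives both inputs the same length.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.empty? || b.empty?
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Pattern 1 from the post: the token itself is the lookup key, as in
# User.where(:authentication_token => params[:authtoken]).first.
# The comparison happens inside the store (the database, in the real app).
def find_by_token(params)
  token = params[:authtoken].to_s
  return nil if token.empty? # a blank token must never match a user
  USERS.find { |u| u.authentication_token == token }
end

# Pattern 2 from the post: find the user by email, then compare the stored
# token with the submitted one in application code.
def find_by_email_and_token(params)
  email = params[:email].to_s.strip.downcase
  token = params[:authtoken].to_s
  user  = USERS.find { |u| u.email == email }
  # Unknown email: still run one comparison so both paths do the same work.
  stored = user ? user.authentication_token : "dummy-token-for-unknown-user"
  match  = secure_compare(stored, token)
  match && user ? user : nil
end
```

In pattern 2 the email only selects the record; the token is still the secret, and the comparison is the step that takes the same time for a near-miss as for a complete mismatch.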