So I have 2 apps that are supposed to work together. I have app1 which is an app only our employees will be using and app2 which is a customer_portal app where customers can log in and pay their balance. I'm trying to make it so that in app1 we can create a customer account and link it up to specific customers. This process will use devise_invitable to create an account for app2 and email the selected customer a link to set up their portal app (which just accepts the invite) but for some reason, the invite link doesn't work and just redirects to the home page. So basically app2 can't sign up for an account, the account has to be created through app1 and sent to the customer via email.
I heard from someone that it should only be redirecting if the URL is incorrect. But it's a URL that's generated via the invite function:
PortalUser.invite!({:name => params[:name], :email => params[:email]}, current_user)
That auto-emails this link: http://localhost:3000/portal_users/invitation/accept.20?invitation_token=p7UKK8Z8nKn4busWerpx
I also have an option to resend the invitation email, just in case the customer requests it, but that sends the same email link:
PortalUser.find(params[:id]).deliver_invitation
One thing I could think of it being would be if the encryption-decryption keys are different for the 2 different applications, so when app2 tries to decrypt the token it just looks like the wrong token. If this is the case, do you know how I would go about changing those keys to match? Or rather, give app1 the encryption key of app2 and tell Devise to use that encryption key for all invitations or the accounts for app2.
Edit: So I found out I could assign a secret_key in config/initializers/devise.rb and it would work if both applications used the same key. However, I still have a question: does doing this present a security issue?
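
Added example, not part of the original post and not Devise's own code: a simplified Ruby model of a keyed token digest, showing why an invitation issued under one app's secret is not found when the accepting app re-digests the raw token under a different secret. The two secrets, the in-memory `db` hash, the PBKDF2 parameters and all helper names are assumptions made for this sketch.

```ruby
require "openssl"
require "securerandom"

# Constructed secrets standing in for each app's secret_key (assumed values).
APP1_SECRET = "constructed-app1-secret"
APP2_SECRET = "constructed-app2-secret"

# Derive a per-column key from the app secret. Iteration count, key length
# and hash are assumptions for this model.
def column_key(secret, column)
  OpenSSL::PKCS5.pbkdf2_hmac(secret, "Devise #{column}", 65_536, 64,
                             OpenSSL::Digest.new("SHA256"))
end

# Keyed digest of the raw token: only this value is stored server-side.
def token_digest(secret, column, raw)
  OpenSSL::HMAC.hexdigest("SHA256", column_key(secret, column), raw)
end

# Issuing side (app1): store the digest, return the raw token for the email link.
def issue_invitation(db, secret, email)
  raw = SecureRandom.urlsafe_base64(15)
  db[token_digest(secret, :invitation_token, raw)] = email
  raw
end

# Accepting side (app2): re-digest the raw token from the URL and look it up.
# A nil result is the "invalid token" case that ends in a redirect.
def accept_invitation(db, secret, raw)
  db[token_digest(secret, :invitation_token, raw)]
end

def demo
  db = {} # stands in for the shared portal_users table
  raw = issue_invitation(db, APP1_SECRET, "customer@example.com")
  {
    mismatched: accept_invitation(db, APP2_SECRET, raw), # different secret: no match
    shared: accept_invitation(db, APP1_SECRET, raw),     # same secret: match
    raw_stored: db.key?(raw)                             # raw token is never stored
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

With one shared secret, token digests in both apps depend on the same key, so that key needs the same protection in both deployments (kept out of source control and supplied through environment variables or encrypted credentials).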