Update Devise::Trackable last_signin_at attributes when new access token is created

[serhatbolsu]

Hello,

I am using resource_owner_from_credentials flow from doorkeeper.
I have put much efford to put trackable to work. Also suspected that other modules are also effected,
since this does not work as well.

According to->
https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Resource-Owner-Password-Credentials-flow

In order to make devise authenticate there is an alternative flow, however it does not sound good to make authentication using devise.
Is it safe to use as doorkeeper suggested or is there a missing implementation for "trackable"

Thank you,

[wireframe]

@serhatbolsu i'm not familiar with device trackable. can you provide some documentation or links for what that is? any sample code for the issue you're seeing would be helpful as well.

[serhatbolsu]

Yeah sure,

Devise Trackable is : http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable

It basically tracks user, such as login time or ip.
Since the gem currently pass-throught warden authenticate with "resource_owner_from_credentials", this also is not working.

In order to make it work, what I use is

Doorkeeper.configure do
  resource_owner_from_credentials do |routes|
    request.params[:user] = {:email => request.params[:username], :password => request.params[:password]}
    request.env["devise.allow_params_authentication"] = true
    request.env["warden"].authenticate!(:scope => :user)
  end
end

but like I said, I am not sure if this is ok and still gem is not working though

[wireframe]

Thanks for the info. I don't use the trackable extension in our apps, but I believe the devise code should fire anytime the user is set into the warden context. the devise-doorkeeper gem will automatically setup your app to support the resource_owner_from_credeintials feature. Did you configure your app w/ the installation instructions from the readme?

# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  Devise::Doorkeeper.configure_doorkeeper(self)

  # extra configuration goes below
end

Here's a link to the actual implementation:
https://github.com/betterup/devise-doorkeeper/blob/master/lib/devise/doorkeeper.rb#L13-L29

[serhatbolsu]

I belive the problem is because of this #4 actually it should update the last_sign_in_at and other trackable fields.

[wireframe]

Issue #4 is a significant performance issue that updates the user record with every single valid OAuth request. That would be equivalent to updating the user's last_sign_in_at field every time they perform a GET request. We definitely do not want that behavior.

I believe what you want is to update the last_sign_in_at anytime a new access token is issued which makes perfect sense IMO.

I won't have capacity to implement this feature, but pull requests are absolutely welcomed!