NoMethodError (undefined method `[]' for nil:NilClass):

[nicolas-besnard]

I have this error for a couple of day now. Any leads to solve ti ?

NoMethodError (undefined method `[]' for nil:NilClass):
  devise_token_auth (0.1.32.beta10) app/models/devise_token_auth/concerns/user.rb:180:in `build_auth_header'
  devise_token_auth (0.1.32.beta10) app/controllers/devise_token_auth/concerns/set_user_by_token.rb:68:in `update_auth_header'

[nicolas-besnard]

The error disapear on 0.1.31 (was using 0.1.32.beta10)

[booleanbetrayal]

We ran into a similar issue because we had a query parameter called client which was not supposed to have anything to do with devise token auth. In certain cases, devise token auth was assuming that that value was a client_id and using it for that.

Kind of a long shot, but are you maybe doing the same thing?

[dbks]

I have the same issue on some requests.
I will try to find the differences between the working requests.

using 0.1.32-beta10.

[chirag7jain]

even I am getting the same error - /sigin_in post request - sending email and password parameters

[chirag7jain]

I made this hack

    tokens = @resource.tokens.nil? ? {} : @resource.tokens

    tokens[@client_id] = {
      token: BCrypt::Password.create(@token),
      expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
    }

   @resource.tokens = tokens

Forgive for me for the frequent changes to my replies

[chirag7jain]

master seems to work fine

[JGantner]

I encountered the same issue with the 0.1.32 version from rubygems. My solution was to disable the cookie stuff that i hadn't removed until then. Now every thing is fine.

[hiattp]

Seeing this as well, does anyone have a good sense for what causes this issue or a reliable way to reproduce locally? It seems to be sporadic.

We are using 0.1.32-beta9.

[hiattp]

This seems to be caused by a threadsafety issue in how tokens are being set for a resource (user). If two requests come in simultaneously (e.g. a client sends duplicate sessions create requests) on a multi-threaded server the second token update will overwrite the first, so when build_auth_headerruns and looks for the token with the first client_id it will return nil and throw this error.

[nitsujri]

+1 having 500's all over the place because of this.

any quick solution/fix?

[ecauli]

+1 any solution?

[nitsujri]

@ecauli We migrated to redis_store and redis sentinel for our sessions. Since then, we haven't had an issue.

[mustela]

Guys, same error with devise_token_auth-0.1.37, any clue what is it about?

[booleanbetrayal]

Merged #523 which adds some additional resiliency. Closing this issue, but would love to hear a reproducible scenario where client_id is being legitimately omitted, etc.

[arfrank]

Seeing this error when doing a password reset password change. I believe it might be all old tokens being wiped out with the PW update, but no new token existing yet, but haven't been able to dig into internals enough to confirm.

[alexeyShumakov]

devise_token_auth-0.1.37 same error.
I just set 'change_headers_on_each_request' to true.

But devise_token_auth-0.1.36 have not this error.

[trevor-ryan-burkholder]

+1

Do we know when this will get fixed? I am having the same issue...

[pablodv]

Im having the same problem with v1.1.3 and change_headers_on_each_request setted to true

[vixtoria]

For me adding
include DeviseTokenAuth::Concerns::User
to app/models/user.rb fixed it