I am building an API-only rails app, using devise to manage users, who can then create an API token for 3rd party clients that will use the API. The 3rd party clients will be able to make requests on behalf of other users using a JWT returned by devise upon logging in. So, some endpoints will be secured in 2 ways - ensuring the client has access to that endpoint, and ensuring the user on whose
My question is how should the client include *both* auth tokens (the client's api key, and the user's token) - should they both be packed in the authorization: header? and how to receive on the server side?
pipework: so, for instance, token="clienttoken&&usertoken", then in the controller, split on '&&' ?
I have a User model that has many custom_responses, trying to do a jon query to get the users where the user has more than 1 custom form response. how do i write that query in AR?