Im building a Rails API. All my devise routes working fine, execpt for one : the logout.
I followed this tutorial : https://jameschambers.co.uk/rails-api
I already tried few things, like :
- tried the api/logout.json route
- tried to change rb #111 for : config.skip_session_storage = [:http_auth, :params_auth] ( config/initializers/devise.rb )
- tried to change rb #280 for : config.sign_out_via = :get ( config/initializers/devise.rb )
Im sending a DELETE request on this address : localhost:3000/api/logout, with a JWT/Bearer token.
error
"status": 500,
"error": "Internal Server Error",
"exception": "#<ActiveRecord::StatementInvalid: PG::UndefinedColumn: ERROR: column jwt_denylist.exp does not exist\nLINE 1: ...jwt_denylist\" WHERE \"jwt_denylist\".\"jti\" = $1 AND \"jwt_denyl...
rails routes
destroy_user_session DELETE /api/logout(.:format) sessions#destroy {:format=>:json}
db/schema.rb
ActiveRecord::Schema.define(version: 2021_09_01_233823) do
create_table "jwt_denylist", force: :cascade do |t|
t.string "jti", null: false
t.datetime "expired_at", null: false
t.index ["jti"], name: "index_jwt_denylist_on_jti"
end
create_table "users", force: :cascade do |t|
t.string "email", default: "", null: false
t.string "encrypted_password", default: "", null: false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.datetime "created_at", precision: 6, null: false
t.datetime "updated_at", precision: 6, null: false
t.index ["email"], name: "index_users_on_email", unique: true
t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
end
end
app/controllers/sessions_controller.rb
class SessionsController < Devise::SessionsController
private
def respond_with(resource, _opts = {})
render_jsonapi_response(resource)
end
def respond_to_on_destroy
head :no_content
end
end
app/models/user.rb
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
:jwt_authenticatable, jwt_revocation_strategy: JwtDenylist
end
config/routes.rb
Rails.application.routes.draw do
default_url_options :host => "http://localhost:3000"
namespace :api, defaults: { format: :json } do
resources :users, only: %w[show]
end
devise_for :users,
defaults: { format: :json },
path: '',
path_names: {
sign_in: 'api/login',
sign_out: 'api/logout',
registration: 'api/signup'
},
controllers: {
sessions: 'sessions',
registrations: 'registrations'
}
end
The error
ERROR: column jwt_denylist.exp does not existindicates it's looking for a column (exp) that doesn't exist on thejwt_denylisttable.Your schema shows you have an
expired_atbut noexpcolumn.From the jwt-denylist gem the schema it expects
exp. Perhaps the tutorial is out of date? Here's what the gem's documentation recommends:So i would rename the
:expired_atcolumn to:exp, e.g.rails generate migration rename_expired_at_to_exp_on_jwt_denylistand make the change method something like: