I’m using clearance for username/password (cookie) authentication in my app.
I’d like to also support token authentication, so that the same controllers can be used for user HTML and API JSON.
I would like to detect an incoming token in a header and set @current_user
based on that. I would like some, but not all, controller actions to be able to be accessed via either cookie auth or token auth.
I’m a bit surprised to not see much discussion of this around the web. Maybe I’m missing something fundamental — like maybe folks don’t typically use clearance for API authentication?
Is there a supported or recommended way to implement token authentication for apis?
Thanks!