Signup Tokens are used as temporary references to User data that can be either used to create a User or discarded. They are useful for workflows where a user begins a signup process, but one or more additional steps must be completed before the signup is finalized, such as validating payment information. Discarding a Signup Token is easier than tracking and deleting an actual User object.
Multiple Signup Tokens for a given user may exist at once, even though only one can eventually be converted into a User. This simplifies form resubmittals or similar parts of the signup workflow.
Signup Tokens were formerly called User Tokens, which is the reason for legacy references to user_token below. Despite the legacy naming, thinking about them using the current terminology will be helpful in understanding their purpose and use.
| Field | Value | Req/Default | Notes |
|---|---|---|---|
id |
id | Auto-generated | Signup Token ID. Always starts with “utk_”. Example: |
username |
string | Required | Must be unique within Realm. |
email |
string | Required | Optional if Realm uses emails for usernames. |
first_name |
string | Optional | |
last_name |
string | Optional | |
password |
string | Required | |
password_confirmation |
string | Optional | |
credential_type |
string | Auto-generated | Type of credential stored with the Signup Token |
realm_id |
realm_id | Required |
| Method | Permissions |
|---|---|
| Get | read |
| Create | write |
Retrieve a signup token.
GET /v1/user_tokens/:token_id
AuthRocket::UserToken.find 'utk_0v6O8c6RsC9A5e2Fa9n5WX'Status: 200
{ "id" : "utk_0v6O8c6RsC9A5e2Fa9n5WX",
"first_name" : null,
"last_name" : null,
"email" : "sally@example.com",
"username" : "sally",
"object" : "user_token",
"credential_type" : "password"
}
#<AuthRocket::UserToken:0x3fc218979018>
id: "utk_0v6O8c6RsC9A5e2Fa9n5WX",
attribs: {
"username"=>"sally",
"email"=>"sally@example.com",
"first_name"=>nil,
"last_name"=>nil,
"object"=>"user_token",
"credential_type"=>"password"
}Create a new signup token.
POST /v1/user_tokens
{ "user_token" :
{ "realm_id" : "rl_0v2FcFcZnv8qpG1XWoyN9P",
"username" : "sally",
"email" : "sally@example.com",
"password" : "secret",
"password_confirmation" : "secret"
}
}
token = AuthRocket::UserToken.create!(
username: 'sally',
email: 'sally@example.com',
password: 'secret',
password_confirmation: 'secret',
realm_id: 'rl_0v2FcFcZnv8qpG1XWoyN9P'
)Status: 201, with same body as Get a Signup Token.
On success, returns same object as Get a Signup Token.
On failure, returns an object without an id, but with errors:
# => #<AuthRocket::UserToken:0x3fde5fa18df8> id: nil, ...
token.errors?
# => true
token.valid?
# => false
token.errors
# => ["Username can't be blank"]Questions? Find a Typo? Get in touch.