authenticate_or_request_with_http_token returning html instead of json

By including ActionController::HttpAuthentication::Token::ControllerMethods you include several methods, amongst others request_http_token_authentication which is simply a wrapper around Token.authentication_request. That #authentication_request-method is the culprit and sends the plain text (not HTML as your question suggests) as follows:

def authentication_request(controller, realm)
  controller.headers["WWW-Authenticate"] = %(Token realm="#{realm.gsub(/"/, "")}")
  controller.__send__ :render, :text => "HTTP Token: Access denied.\n", :status => :unauthorized
end

The trick is to override request_http_token_authentication in your ApplicationController to not call Token.authentication_request but to set the correct status and headers and then render JSON instead. Add this to your ApplicationController:

protected
def request_http_token_authentication(realm = "Application")
  self.headers["WWW-Authenticate"] = %(Token realm="#{realm.gsub(/"/, "")}")
  render :json => {:error => "HTTP Token: Access denied."}, :status => :unauthorized
end

From Rails 5, the authenticate_or_request_with_http_token method allows a second parameter with a custom message, so you could just do:

  authenticate_or_request_with_http_token('realm', json_error) do |token, options|
    check_token token
  end

authenticate_or_request_with_http_token returning html instead of json

Tags:

Ruby On Rails

Json

Rails Api

Related

Recent Posts