The TokenAuthenticatable strategy has been removed from Devise because it's vulnerable to timing attacks. As a consequence, the examples in this page are out of date.

See this gist by José Valim and some popular alternatives below.

Note: these examples are out of date.

Here is a blog post with some quick code snippets and a link to a quick example app on github. https://web.archive.org/web/20120712095509/http://zyphdesignco.com/blog/simple-auth-token-example-with-devise

And here is another blog post with a detailed example: http://matteomelani.wordpress.com/2011/10/17/authentication-for-mobile-devices/

• Devise::JWT - the only one with multiple token revocation strategies - allowlist, denylist, none (just let it expire) and so forth
• Devise Token Auth
• Simple Token Authentication
• Tiddle
• Devise::TokenAuthenticatable
• Devise Token Authenticatable
• Make sure to read this gist by José Valim if you want to implement token authentication yourself.