Cookie not attached to responses when Clearance API is used directly (>= 2.3.0)

[rtymchyk]

Starting with version 2.3.0, our remember_token cookie is missing from all responses, including requests that invoke authentication code directly. Version 2.2.1 works fine.

We do not use any of the built-in controllers for authentication. Instead, here is what an API endpoint might do:

user = User.authenticate(input[:email], input[:password])
request.env[:clearance].sign_in(user) do |status|
  if status.success?
    # Success handler
  else
    # Error handler here (no error is triggered though)
  end
end

[rtymchyk]

This sounds similar to #937 but I'm seeing issues at 2.3.0, not just 2.3.1. Also our Rails server is not running in API mode (https://guides.rubyonrails.org/api_app.html), but as a traditional Rails server with API only controllers.

[MottiniMauro]

Hi @rtymchyk thanks for reporting this issue. Clearance doesn't officially support API mode, but we have some recommendations on how to use it in our wiki. If you provide an example application that I can clone and reproduce this error I would be happy to look into it and see if I can help.

[rtymchyk]

@MottiniMauro When you say 'API mode', are you referring to using ActionController::API, etc?