# Rails api model devise

- `Devise.setup do |config|` in `devise.rb`

```ruby
# devise.rb
Devise.setup do |config|
  config.jwt do |jwt|
    # Signing secret is read from the environment, not hard-coded.
    jwt.secret = ENV['DEVISE_JWT_SECRET_KEY']
    # Requests whose successful response carries a newly issued token.
    jwt.dispatch_requests = [
      ['POST', %r{^/api/login$}]
    ]
    # Requests that revoke the presented token.
    jwt.revocation_requests = [
      ['DELETE', %r{^/api/logout$}]
    ]
    # Token lifetime in seconds (one day).
    jwt.expiration_time = 1.day.to_i
  end
end
```

## Model configuration

You have to tell which user models you want to be able to authenticate with JWT tokens. For them, the authentication process will be like this:

* A user authenticates through the devise create session request (for example, using the standard `:database_authenticatable` module).
  * When a session request arrives that needs to run the create action, authentication has to be performed.
* If the authentication succeeds, a JWT token is dispatched to the client in the `Authorization` response header, with format `Bearer #{token}` (tokens are also dispatched on a successful sign up).
  * If authentication succeeds, the JWT token is returned in a header, using the `Bearer #{token}` format.
* The client can use this token to authenticate following requests for the same user, providing it in the `Authorization` request header, also with format `Bearer #{token}`.
  * The client can use this authentication token to authenticate later requests, again in a header and in the `Bearer #{token}` format.
* When the client visits the devise destroy session request, the token is revoked.
  * Once the client performs the destroy session action, the token is revoked and no longer accepted.
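The four steps above, traced end to end in plain Ruby as an added example; this is not devise-jwt's own code. It assumes HS256 signing and a `jti` denylist for revocation (the page does not name a revocation strategy), and `SECRET`, `REVOKED_JTIS` and the function names are hypothetical.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# Constructed values; a real app reads the secret from ENV['DEVISE_JWT_SECRET_KEY'].
SECRET = 'constructed-demo-secret'
EXPIRATION_TIME = 24 * 60 * 60 # same value as 1.day.to_i
REVOKED_JTIS = {}              # hypothetical in-memory denylist: jti => exp

# Unpadded base64url, as used by JWT segments.
def b64(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def sign(input)
  b64(OpenSSL::HMAC.digest('SHA256', SECRET, input))
end

# Step 2: the Authorization response header sent after a successful login.
def dispatch_header(user_id, now: Time.now.to_i)
  header = b64(JSON.generate({ alg: 'HS256', typ: 'JWT' }))
  claims = { sub: user_id, jti: SecureRandom.uuid, iat: now, exp: now + EXPIRATION_TIME }
  body = "#{header}.#{b64(JSON.generate(claims))}"
  "Bearer #{body}.#{sign(body)}"
end

# Step 3: check the Authorization request header; returns the claims or nil.
def authenticate(authorization, now: Time.now.to_i)
  scheme, token = authorization.to_s.split(' ', 2)
  parts = token.to_s.split('.')
  return nil unless scheme == 'Bearer' && parts.length == 3
  # Constant-time signature check before any claim is trusted.
  return nil unless OpenSSL.secure_compare(sign(parts[0..1].join('.')), parts[2])
  claims = JSON.parse(parts[1].tr('-_', '+/').unpack1('m'))
  return nil if claims['exp'].to_i <= now        # expired
  return nil if REVOKED_JTIS.key?(claims['jti']) # revoked at logout
  claims
rescue JSON::ParserError
  nil
end

# Step 4: logout records the token's jti so the same token fails afterwards.
def revoke(authorization, now: Time.now.to_i)
  claims = authenticate(authorization, now: now)
  REVOKED_JTIS[claims['jti']] = claims['exp'] if claims
  !claims.nil?
end
```

Without the denylist lookup in `authenticate`, a token presented to logout would stay valid until `exp`, which is why revocation needs server-side state even though the token itself is stateless.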