Authenticate on an 'access code' using Devise in Rails 3

Question

I am working on a rails project and it has been recommended that I use Devise for my authentication and user session management.

I have two user types who need user/password authentication and another user type which I only need to authenticate with an 'access_code'. They are different models with no inheritance.

What would be the best way of doing this in Devise? Is there a way to let all these different authentication types work side by side?

I have looked at allowing users to sign in using a username or email address but how would I go about doing it using only one field? No password involved.

Answer 1

Use the Token Authentication module without the Database one. There's an example in the Devise Wiki.

These tokens, unlike the ones you find on password recovery emails for example, are permanent and stored on the database. They behave by default like service API keys, which means they do not keep the user in session and need to be supplied on every request.

To make them really sign users in:

# If true, authentication through token does not store user in session and needs
# to be supplied on each request. Useful if you are using the token as API token.
config.stateless_token = false