Should Auth.prototype.signOut pass opt variables in DELETE request?

[vlod]

Hi,
First thanks for all your hard work in creating this module!

I'm trying to hook this up (with rails and devise_token_auth) and noticed that Auth.prototype.signOut doesn't supply the opt parameter to the ajax request, like you do in Auth.prototype.emailSignIn

i.e.
$.ajax({
url: signOutUrl,
context: this,
method: 'DELETE',
data: opts, // <-- this is not present??

I want to pass pass the csrf_token that Rails requires to prevent the "Can't verify CSRF token authenticity".

Or am I doing this incorrectly?

Thanks for you help.

[vlod]

fyi created a pull request

[lynndylanhurley]

@vlod - signOut works with the current authenticated user, so it shouldn't require any params. All the data that it needs is stored in the current session.

I would recommend setting protect_from_forgery to null_session for API routes if that's possible. This plugin will provide the equivalent of CSRF protection.

Thanks for the PR, I'll review and merge ASAP

[Ruff9]

It seems like signOut requires some params, I just submitted an issue about that: #28