Which is client and access_token

[williamhqs]

I am new to use this and working on a mobile client api, two questions:

1. How should i identify a user? My current understanding is on a http request header set access_token is this right?

But seems from the source code i should provide for uid, access_token, clientlink

uid        = request.headers['did']
    @token     = request.headers['access-token']
    @client_id = request.headers['client']

2. i can find a user.tokens like below:

 {"AOYZdDmwI7WQr8I6T4PpPw"=>{"token"=>"$2a$10$C/5f3JV7.9DZG8w.ggdCPelB6kzitWuGK4rfozHv15Hhf/x9DaCcO", "expiry"=>1473485374, "last_token"=>"$2a$10$abctsIP5bHPIm2nMXFTUH.1jPWQ5LiGTTrENjoqihWgcCkwRqbxb6", "updated_at"=>"2016-08-27T13:29:34.948+08:00"}}

which is client and which is access-token?

Thank you!

[Charlie-Hua]

uid is what used to find your user, and in your user.tokens example:
client: "AOYZdDmwI7WQr8I6T4PpPw"
token_hash: "$2a$10$C/5f3JV7.9DZG8w.ggdCPelB6kzitWuGK4rfozHv15Hhf/x9DaCcO"

you can manually check the values and learn how they work:

# check if @token matches token_hash
DeviseTokenAuth::Concerns::User.tokens_match?(token_hash, @token)
# under the hood this is what's checked
BCrypt::Password.new(token_hash) == @token

# check if token is valid
User.find_by_uid(uid).valid_token?(@token, @client_id)
# it grabs user.tokens[@client_id] and check if it's expired and if the @token matches token_hash within

check this file for more details