I think I'm just missing something obvious. I send a user a perishable token embedded in a link. They click on it, and they come back to the site. I want to log them in automatically --- authenticated by their perishable token, not the password. (I'm not building a banking app).

This seems like it should be simple, but all the examples I've found require a password. How do I skip this completely? When I try to get UserSession.create to work, it reports a validation error and will not create the user session. What is the way around this?

```ruby
@user = User.find_by_perishable_token(params[:token])
if @user
  if !current_user
    # skip sign-in
    UserSession.create!(@user.email)
    # => error "You did not provide any details for authentication."
  ...
```

I have googled extensively but haven't found the answer.

+1  A: 

Doesn't UserSession.create take a user object as its first argument? If so, couldn't you just do:

```ruby
UserSession.create(User.find_by_perishable_token(params[:token]))
@current_user_session = UserSession.find
```

Or is that where you're running into problems?

jerhinesmith
You're quite right. I was using the `current_user` method written onto the controller, which is cached during a request. Once I switched to `UserSession.find`, all was good.
ndp
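
An added example, not from the posts above and not Authlogic's own code: a stand-alone Ruby model of the checks a token-only login link needs before a session is created for the user (reject a missing token, enforce an expiry, allow one use). `TokenLogin`, `TTL`, and the sample address and timestamps are hypothetical.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the users table (not Authlogic's API).
class TokenLogin
  TTL = 10 * 60 # seconds a link stays valid (assumed value)

  def initialize
    @by_digest = {} # SHA-256(token) => { email:, issued_at: }
  end

  # Issue a fresh random token for the e-mailed link; only its digest is stored.
  def issue(email, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @by_digest[digest(token)] = { email: email, issued_at: now }
    token
  end

  # Redeem a token: returns the e-mail to sign in, or nil.
  # A missing or blank token never matches any record.
  def redeem(token, now: Time.now)
    return nil unless token.is_a?(String) && !token.empty?
    # Deleting on lookup makes the link single-use, even if it turns out expired.
    record = @by_digest.delete(digest(token))
    return nil if record.nil?
    return nil if now - record[:issued_at] > TTL
    record[:email]
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

# Constructed sample run with fixed timestamps.
logins = TokenLogin.new
t0 = Time.at(1_700_000_000)
token = logins.issue("user@example.com", now: t0)
FIRST = logins.redeem(token, now: t0 + 60)    # valid link, first click
REPLAY = logins.redeem(token, now: t0 + 120)  # same link clicked again
stale = logins.issue("user@example.com", now: t0)
EXPIRED = logins.redeem(stale, now: t0 + TokenLogin::TTL + 1)
MISSING = logins.redeem(nil, now: t0)         # request without a token parameter
```

In the controller from the question, the equivalent points are to return early when `params[:token]` is blank before calling the finder, and to invalidate the token once the session has been created.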