[Possible Feature Request] Questions about a "new" mechanism for authentication / session handling

[I am looking for a reliable authentication mechanism for rails-api/SPAs and I am wondering about the addition of a “TokenStore”]

Hello Rails,

I have been using Rails 4 for about two years and have found it to be very reliable.

For a newer projects, because of the SPA (Single Page Application) trend, I have decided to try rails 5’s api mode.

However I find myself in an unsure position: while in “older applications” Devise was “the go-to” solution, for SPA and rails-api, there is no clear solution.

Before proceeding, I’d like to state one strong conviction I have: security related code should be “battle tested” - and one way to achieve this is to have a solution used by a majority of developers (as Devise is/was).

For future reference, I posted code of two (possible implementations) of a “token store” in the rails-api-core mailing list: https://groups.google.com/forum/#!topic/rails-api-core/e8nsC-q22TY.

Hamza