Headers instead of sessions on scaffolding for API apps

[exocode]

I have a question regarding to scaffolding on API only apps.

Each time I scaffold an spec (controllers for example) it writes

session: valid_session

instead of

headers: valid_headers

  describe "GET #show" do
    it "returns a success response" do
      user = User.create! valid_attributes
      get :show, params: {id: user.to_param}, session: valid_session
      expect(response).to be_successful
    end
  end

Wouldn't it be better to scaffold with headers instead of sessions?
The most APIs are using JWT or other tokens to authenticate.
Aren't Sessions mostly obsolete in APIs?

  describe "GET #show" do
    it "returns a success response" do
      user = User.create! valid_attributes
      get :show, params: {id: user.to_param}, headers: valid_headers
      expect(response).to be_successful
    end
  end

[benoittgt]

This is a choice that has been made two years ago but was not motivated e985c13

I don't know if we should change that. Maybe @JonRowe have an idea? 😃

[JonRowe]

The scaffolding was based on the old controller specs, it simply wasn't something considered. Only hesitation is that switching would have to consider the difference in how headers are handled across rails versions, this would need to be tested as working on all versions of Rails and not just as "output" is correct.

[benoittgt]

@exocode Do you want to work on a PR to validate the behavior on Rails versions supported by rspec-rails?

[exocode]

@benoittgt I would give it a try :-)

[klyonrad]

I was wondering about this when I worked on my PR. I am not sure if I understand the initial problem of this issue correctly, but in my opinion this is less of an issue now because since #2288 scaffolding with the --api option does actually generate request specs that generate a valid_headers method.

[JonRowe]

Closing since I think this is solved now.