Devise-jwt - 响应中不存在 Authorization 标头

问：

我的纯 API Rails 应用程序遇到了问题。我尝试使用 Devise 和 Devise-JWT 设置基于令牌的身份验证，但在使用 Postman 测试 API 时，我的响应中似乎没有收到 Bearer 令牌。我对设计、代币和一般的安全性比较陌生。您能为这个问题提供一些指导和潜在的解决方案吗？提前致谢。

  # devise.rb
  config.jwt do |jwt|
    jwt.secret = ENV['DEVISE_JWT_SECRET_KEY']
    jwt.dispatch_requests = [['POST', /api/]]
    jwt.expiration_time = 12.hours.to_i
  end

    # routes.rb
    Rails.application.routes.draw do
  namespace :api do
    devise_for :users, controllers: {
      sessions: 'api/sessions'
    }
  end
end

# api/sessions_controller.rb
class Api::SessionsController < Devise::SessionsController
  def create
    user = User.find_by('lower(email) = ?', params[:email])

    if user.blank? || !user.valid_password?(params[:password])
      render json: {
        errors: ['Invalid email/password combination']
      }, status: :unauthorized
      return
    end

    sign_in(:user, user)

    render json: {
      user: user,
      token: user.token
    }
  end

    # user.rb
    # frozen_string_literal: true

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable,
         :registerable,
         :recoverable,
         :rememberable,
         :validatable,
         :trackable,
         :jwt_authenticatable,
         jwt_revocation_strategy: JwtDenylist
end

   # jwt_denylist.rb
    class JwtDenylist < ApplicationRecord
  include Devise::JWT::RevocationStrategies::Denylist

  self.table_name = 'jwt_denylist'
end

# cors.rb
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'

    resource '*',
             headers: :any,
             methods: %i[get post put patch delete options head]
  end
end