InvalidAuthenticityToken on a post method called from mobile

I have a method in my UsersController called login.

def login
    user = User.find_by_jabber_id(params[:jabber_id])
    user.update(device_identifier: params[:device_identifier])
    render nothing: true

And when I call this method from my mobile, I get an error.

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

But why don’t I get errors on other actions when called from the mobile? Doing something like this

protect_from_forgery except: :login

made the error go away. I looked at this

but didnt understand much what was going on. Or is it because login is a post request and thats why this method expects the form to pass an authenticity token?

I think this could be the only reason. But am I right in assuming this?