Johan Vauhkonen
2013-Mar-21 13:41 UTC
Single page application authentication and authorization
How would I do authentication and authorization in a single page application running with Rails as the backend? Any recommendations? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/seiyqvMx4C4J. For more options, visit https://groups.google.com/groups/opt_out.
This doesn''t quite answer your question, sorry, but this is how I handle it... For security reasons, I don''t start my single page app unless the user is already logged in. That is, my splash screen is just a regular page, using Devise, and it does the standard POST when the user clicks the log in button. It is only when they are logged in do I download anything and fire up the ajax. That just feels safer from anyone viewing the page source: you need to be trusted to see any interesting page source at all. On Thu, Mar 21, 2013 at 9:41 AM, Johan Vauhkonen <johan.vauhkonen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>wrote:> How would I do authentication and authorization in a single page > application running with Rails as the backend? > > Any recommendations? > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To view this discussion on the web visit > https://groups.google.com/d/msg/rubyonrails-talk/-/seiyqvMx4C4J. > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Jussi Hirvi
2013-Mar-21 18:05 UTC
Re: Single page application authentication and authorization
For one-page or bigger solution - I would read Chapter 8 from the http://railstutorial.org book. It describes a do-it-yourself (and hence, fully customizable) solution based on SessionsHelper. The solution provides authentication which is persistent ower browser window close (by help of cookies, of course). I am just going through that book myself, so I am just a newbie. Based on your question, I would guess that so are you. :-) - Jussi On Thursday, March 21, 2013 3:41:13 PM UTC+2, Johan Vauhkonen wrote:> > How would I do authentication and authorization in a single page > application running with Rails as the backend? > > Any recommendations? >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/tntYSVLu9IkJ. For more options, visit https://groups.google.com/groups/opt_out.
Johan Vauhkonen
2013-Mar-21 20:20 UTC
Re: Single page application authentication and authorization
Yes, I am a newbie. :) I''m also reading that book but I''ve yet got to that chapter. On Thursday, 21 March 2013 19:05:59 UTC+1, Jussi Hirvi wrote:> > For one-page or bigger solution - I would read Chapter 8 from the > http://railstutorial.org book. It describes a do-it-yourself (and hence, > fully customizable) solution based on SessionsHelper. The solution provides > authentication which is persistent ower browser window close (by help of > cookies, of course). > > I am just going through that book myself, so I am just a newbie. Based on > your question, I would guess that so are you. :-) > > - Jussi > > On Thursday, March 21, 2013 3:41:13 PM UTC+2, Johan Vauhkonen wrote: >> >> How would I do authentication and authorization in a single page >> application running with Rails as the backend? >> >> Any recommendations? >> >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/blDEVIj-NmAJ. For more options, visit https://groups.google.com/groups/opt_out.