Re: [Rails] Single page application authentication and authorization

[Paul]

This doesn't quite answer your question, sorry, but this is how I handle it...

For security reasons, I don't start my single page app unless the user is already logged in. That is, my splash screen is just a regular page, using Devise, and it does the standard POST when the user clicks the log in button. It is only when they are logged in do I download anything and fire up the ajax.

That just feels safer from anyone viewing the page source: you need to be trusted to see any interesting page source at all.

On Thu, Mar 21, 2013 at 9:41 AM, Johan Vauhkonen <johan.v...@gmail.com> wrote:

How would I do authentication and authorization in a single page application running with Rails as the backend?

Any recommendations?

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/seiyqvMx4C4J.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Jussi Hirvi]

For one-page or bigger solution - I would read Chapter 8 from the http://railstutorial.org book. It describes a do-it-yourself (and hence, fully customizable) solution based on SessionsHelper. The solution provides authentication which is persistent ower browser window close (by help of cookies, of course). 

I am just going through that book myself, so I am just a newbie. Based on your question, I would guess that so are you. :-) 

- Jussi