← Back to Upcase

Best practice / least painful strategy for JS MVC auth to rails API?


(Eric Man) #1

Hey guys,

First time poster here, I was wondering what your thoughts were on the current best strategy to implement authentication to a rails powered backend API, from a JS MV* frontend? Specifically I plan to be using Backbone with Marionette.

I was planning to go the devise route, since it is established and easy to implement but have recently noticed that token_authenticable is deprecated.

The other direction I’m currently leaning, after reading all the relevant posts I could find was to separate it into two separate frontends, and after sign in from devise rendered login html page, have it re-direct to the second app, which would load a slightly different set of models/etc.

Does that approach make sense? Can I load different JS files to different routes from the asset pipeline without using something like RequireJS?

An links to examples of similar implementations would be greatly appreciated.

Thanks!
Eric


(Sean Griffin) #2

You actually don’t need to do anything special for authentication when working with a JS MVC front end. You’ll need to make sure the control will respond to JSON if you want to submit the form asynchronously, but sessions will still work the same way, regardless of whether or not you’re using AJAX to send the requests. (You should not disable CSRF protection if you use session-based authentication with a JSON API)


(Eric Man) #3

Sean, thank you very much for the prompt reply! :slight_smile: