[Abundnce10]

We started in 2014 with a Ruby on Rails monolith and Angular frontend, both of which were good ways to move fast while we were very small. We use Webpack to build our frontend apps, and serve them using the Rails Asset Pipeline.

Within your MVP how did you handle authentication between your Angular apps and your Rails backend? I know you implemented Paladin to handle auth between your new microservices but I'm curious what auth looked like in your MVP.

Thanks!

[hassox]

Hi!

When we first started we used a pretty vanilla version of Devise. The angular application just used session based auth. The easiest way to get the MVP happening was to have Rails generate the landing page of the SPA so we got sessions for 'free'. As we started to add more options for authenticating to the application to handle micro-services and our mobile application we took advantage of Warden/Devise and implemented a custom strategy for handling JWT authentication in addition to the regular session based strategy that comes out of the box.

The JWT authentication is Guardian compatible since we use Guardian to drive Paladin. It was a relatively straight forward addition with Warden/Devise to provide authentication based on either strategy which allows us to take advantage of these different schemes with minimal updates to our core application.

[Abundnce10]

Thanks for the quick and detailed response!

I use Devise most of my Rails apps, so in my ApplicationController I have `before_action :authenticate_user!`.

Did any of your frontend Angular apps send/request data to a Rails controller? If so, did you have to configure your Angular requests to send the session cookie so it would pass the Devise auth? This is the part that I don't quite understand yet.

In my next side-project I want to continue using Rails for the backend and scaffolding for most pages but I have a small React app that I want to include as well (keeping track of stats for a basketball game). But I'm not really sure what's the best way to go about authorizing whether or not the user has the permissions to upload data to a specific profile. I've only ever used Rails/Devise and all user input occurs through a form.

If you could point me in the direction of what I should be Googling for I'd appreciate it. Best of luck with Opendoor!

[hassox]

If you're generating the page from your rails server then the cookie that is set for sessions would be already available and you can make calls without worrying too much about authentication. If you want to use tokens or OAuth strategies there's a bit more to it but you should be able to find lots of information on it with a bit of googling. Here's an article that seems to cover the basics. https://technpol.wordpress.com/2013/09/23/angularjs-and-devi...

I'd usually google for a collection of the tools I'm looking at. To find that article I searched for "spa authentication with rails and devise"

Good luck with your side project :D