backbone-express-spa

Client side authorization

Open alexbeletsky opened this issue 11 years ago • 3 comments

The authorization API has been implemented in #12, but it's still not utilised by the client. This could be a rather big task, so let's discuss it and split it into something smaller.

What needs to be done:

  1. Create a simple signup page (form with username and password).
  2. Create a simple login page.
  3. Update all existing API endpoints with `middleware.access.validateToken`.
  4. Update the client side to use the token while accessing any API methods.
  5. Update the README with all the knowledge we gather through implementation.

Scenarios:

  • If the user has not logged on, it's not possible to open any application routes ('/tasks', '/contacts'); it should redirect to login.
  • Once the user has logged on, put the access token into localstore.
  • Use the code from the README to augment all requests with the Authorize header (it reads the token from localstore).
  • Once the token is invalidated (receive 401 from any API method), the user has to re-login.

Anything missing?

alexbeletsky avatar Jul 01 '13 15:07 alexbeletsky
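The four scenarios from the opening post, sketched as an added example (not part of the original thread and not the project's own code). `createAuthClient`, `TOKEN_KEY`, the option names, the header name and the raw-token header value are all assumptions; the project's README defines the real ones.

```javascript
// Added example. createAuthClient, TOKEN_KEY and the option names are hypothetical.
const TOKEN_KEY = 'accessToken'; // assumed localStorage key

function createAuthClient({ storage, transport, apiOrigin, onLoginRequired,
                            headerName = 'Authorization' }) { // header name is an assumption
  const getToken = () => storage.getItem(TOKEN_KEY);

  // Scenario 1: application routes stay closed until a token is stored.
  function guardRoute(route) {
    return getToken() ? route : '/login';
  }

  // Scenario 3: add the token header, but only for requests to our own API
  // origin, so the token is never sent to a third-party URL.
  function buildHeaders(url, headers = {}) {
    const token = getToken();
    const sameOrigin = new URL(url, apiOrigin).origin === apiOrigin;
    return token && sameOrigin ? { ...headers, [headerName]: token } : { ...headers };
  }

  // Scenario 4: a 401 means the token was invalidated; drop it and re-login.
  function handleResponse(response) {
    if (response.status === 401) {
      storage.removeItem(TOKEN_KEY);
      onLoginRequired();
    }
    return response;
  }

  return {
    login: (token) => storage.setItem(TOKEN_KEY, token), // Scenario 2
    guardRoute,
    buildHeaders,
    handleResponse,
    request: (url, options = {}) =>
      transport(url, { ...options, headers: buildHeaders(url, options.headers) })
        .then(handleResponse),
  };
}

// Constructed in-memory stand-in for window.localStorage, so this runs in Node.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (key) => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
    removeItem: (key) => { data.delete(key); },
  };
}
```

In the browser, `storage` would be `window.localStorage` and `transport` a promise-returning wrapper around the application's AJAX layer. Anything kept in localStorage is readable by every script running on the origin, so the token is only as safe as the page is free of script injection.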

This looks thorough. I can't think of anything else.

I did mention in #20 my one concern with a hacker potentially spoofing the refreshing of the token. Although that seems very fringe.

Vijar avatar Jul 02 '13 02:07 Vijar

Sounds great, let's start then.

I will take the server side part and update all current endpoints. If you don't mind, please take the login/signup forms. Once this is in place, we can integrate your Backbone.ajax magic in :)

alexbeletsky avatar Jul 02 '13 07:07 alexbeletsky

Any luck on this?

s-stude avatar Jul 20 '15 21:07 s-stude