express-stormpath
express-stormpath copied to clipboard
How can we better support SOA flows?
I was pair programming with a customer the other day, and spent some time hacking on a solution so that he could support a SOA-style application.
He had multiple subdomain-based webapps, and was using jQuery on his front-end.
We ended up doing some hacking on CORS (for his API subdomain), as well as hacking on his jQuery code which submitted API requests, login requests, etc.
Here are some potential ideas for ways we could simplify this stuff for customers:
- Provide some configuration which allows you us to generate a CORS config for your API. Maybe you could list an array of your application's subdomains or something.
- Provide some helper tools or example code which submits front-end requests to your API backend with the right CORS data being passed. For instance, if you're using jQuery's
$.ajax
method, you need to setxhrFields: { withCredentials: true }
if you want your auth data to get passed to the subdomain.
Stuff like that.
Any suggestions?
Also: it might be cool to get a full sample app involving SOA out there, and some content around it.