Tag Archives: Web Tokens
While working on a project recently, I encountered a problem I haven’t had to tangle with in a while: authenticating front-end applications against a Rails API. The last time I was even dabbling in this realm, jQuery was everything, CORS was still in its infancy, and JSONP was still a thing (that’s not a thing anymore, right?). The only way I ever managed to scrape by in this hostile environment was to let Rails’ asset pipeline serve up the front-end app and rely on same-origin requests and regular ol’ cookies to handle authentication. I didn’t like it, but I survived. Eventually, I got away from front-end concerns almost completely.
At first, I got started by symlinking the front-end to public/ in my Rails app and setting
There were a few other, related problems to solve, but I want to focus on how I did authentication for the rest of this post. I had a few characteristics that I wanted to satisfy:
Authentication is one of the big parts of every application. Security is always something that is changing and evolving. In the past, we have gone over Node authentication using the great Passport npm package.
Those articles used session-based authentication, however, which has problems when we talk about scaling web services and creating an API that can be consumed across many devices and services.
Now that we’ve got all the important information about token-based authentication out of the way, let’s build a very simple Node API and use tokens to authenticate users that request access.