Question

I have a Rails API which has several models, and controllers that return JSON. The API will be responsible for managing all the data, and there will be a 2nd app for serving the web front end.

I'm wondering where the users table and authentication controller should be.

The options would be:

  • Keep authentication in the API, and build a web front end that queries for users/roles etc.

  • Implement a Devise user in the front end, completely separate from the API.

Any ideas what the best practice is for this? Thanks for reading.


Solution

If I understand correctly, you have

  • 1 Rails app with API
  • 1 Rails app that serves the front-end, and the 1st app actually serves as backend/database for this app

Correct?

In that case I would make sure

  • use Devise in the second (UI) app
  • the authentication of the API is between two servers, and you could just use a simple/effective authentication-token
  • the second server will protect the API from unauthorized access, since no client will ever see the URL or authentication token (since it is server <-> server communication)
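
The server-to-server token check described in the answer, as an added example that is not part of the original answer: a Rack-style middleware for the API app. The `Authorization: Bearer` header, the `API_SHARED_TOKEN` variable and the class name are assumptions chosen for illustration.

```ruby
require "digest"

# Added example: Rack-style middleware for the API app that only accepts
# requests carrying the shared server-to-server token.
# Assumptions: header "Authorization: Bearer <token>", token kept in the
# API_SHARED_TOKEN environment variable (both names are hypothetical).
class ServiceTokenAuth
  def initialize(app, expected_token: ENV["API_SHARED_TOKEN"])
    # Fail closed: refuse to boot with no token or a trivially short one.
    if expected_token.nil? || expected_token.length < 32
      raise ArgumentError, "shared token missing or shorter than 32 chars"
    end
    @app = app
    @expected_digest = Digest::SHA256.digest(expected_token)
  end

  def call(env)
    token = bearer_token(env["HTTP_AUTHORIZATION"])
    return deny unless token && token_matches?(token)
    @app.call(env)
  end

  private

  def bearer_token(header)
    scheme, value = header.to_s.split(" ", 2)
    value if scheme&.casecmp?("Bearer") && value && !value.empty?
  end

  # Hash both sides so lengths are equal, then compare without early exit.
  def token_matches?(candidate)
    given = Digest::SHA256.digest(candidate).bytes
    diff = 0
    @expected_digest.bytes.each_with_index { |b, i| diff |= b ^ given[i] }
    diff.zero?
  end

  def deny
    [401, { "content-type" => "application/json",
            "www-authenticate" => "Bearer" }, ['{"error":"unauthorized"}']]
  end
end

# Constructed demo: a stand-in API endpoint and a 64-hex-char sample token.
DEMO_TOKEN = "0123456789abcdef" * 4
DEMO_APP = ServiceTokenAuth.new(
  ->(_env) { [200, { "content-type" => "application/json" }, ['{"users":[]}']] },
  expected_token: DEMO_TOKEN
)
```

In a Rails API app this would be registered with `config.middleware.use ServiceTokenAuth`, with the front-end app sending the same token on every request over TLS.
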
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow