Closed pelted closed 6 years ago
Any fetch you invoke from a Stimulus controller will send the cookies along that the session already has. So whatever authentication you need, you can just piggyback off that already. Don't need to do anything special. Then you can either error out with a Unauthenticated reply from the server or return error-specific HTML to inject from the fetch.
On Wed, Jan 31, 2018 at 5:04 PM, Chris Born notifications@github.com wrote:
Decided to take a look at Stimulus for loading a few ui pieces after initial page rendering in one of our older Rails apps. Newer apps we've gone with more of the single page app backed with Rails API, but this seems like a great way of using it to load smaller elements and it works well so far.
What approach do you take to deal with the authentication issue. For example, our Devise login screen shows up in the fetched HTML since we are calling :authenticate_user! in the ApplicationController. I don't want to ignore auth on the new routes for these partials as they may contain sensitive data, but it seems like implementing a complete JWT mechanism is overkill since it wouldn't be needed everywhere.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/stimulusjs/stimulus/issues/87, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAKtWRI2Z46nP2TEQm3B0XK5qZDp9a_ks5tQQ22gaJpZM4R05fO .
I was just looking for the answer to this... I'm using devise but when it gets back to the controller current_user
is nil 🤔
If you're making fetch
requests, add { credentials: 'same-origin' }
to the options: https://github.com/github/fetch#sending-cookies
Sweet that worked like a charm 👍 Is there a slack room or forum to discuss stimulus other than issues
😁
Closing this for now, but feel free to continue the conversation over on the new Stimulus Discourse.
Decided to take a look at Stimulus for loading a few ui pieces after initial page rendering in one of our older Rails apps. Newer apps we've gone with more of the single page app backed with Rails API, but this seems like a great way of using it to load smaller elements and it works well so far.
What approach do you take to deal with the authentication issue. For example, our Devise login screen shows up in the fetched HTML since we are calling
:authenticate_user!
in the ApplicationController. I don't want to ignore auth on the new routes for these partials as they may contain sensitive data, but it seems like implementing a complete JWT mechanism is overkill since it wouldn't be needed everywhere.