How to deploy both front end and api?

[springuper]

We want to use Aqua as an internal user system. Front end is useful for admins to manage users/groups/permissions in a straightforward UI. But we also need API to let other internal systems to get user information, redirect unauthenticated users to internal user system and redirect back when they have login.

Is there any way to reach our requirements?

[jedireza]

Thanks for creating an issue.

But we also need API to let other internal systems to get user information, redirect unauthenticated users to internal user system and redirect back when they have login.

Can you give an example use case?

[springuper]

use case:

• deploy aqua as 'http://user.company.com', root manager can manage accounts/admins in front-end gui
• deploy frame as 'http://api.user.company.com', so 'http://cms.company.com' and other internal systems can use jwt or ba authentication to login/logout and get user information
• further, we do not need implement login page in every internal systems, when user hasn't login, just redirect he/she to 'http://user.company.com/login?callback=http://cms.company.com', aqua will post the login info to the caller system after user login. In this case, we want aqua to be a SSO service

we can deploy both aqua and frame for current usage, but as they two share a lot of backend code, there may be some upgrade inconsistent issues.

[jedireza]

Aqua took Frame and added to it. Consider it a fork of Frame. I don't see a benefit of running both boilerplates and connecting them to the same same database. That sounds like a maintenance nightmare.

Side note: One cool thing about hapi is that you can create multiple connections in the same app bound to different ports. See: http://hapijs.com/api#serverconnections

The scenerio you describe is advanced so there will be more complexity getting an ideal setup. Here's what I'm thinking:

• Host Frame at api.example.com and change the basic authentication to use JWT
• Take Aqua and delete the ./server/api/*, ./server/models/* and ./server/mailer.js code since api.example.com is going to handle that stuff. You'll still need ./server/web/* to serve www.example.com.
• There will be some work to get the front-end working again.
• Change the client-side code to make requests against api.example.com
  • You'll need to change the ./client/helpers/json-fetch.js function to support JWT (by default, it's relying on the browser passing cookies automatically).
  • You'll probably also have to modify crumb config and/or remove that feature: https://github.com/jedireza/aqua/blob/ffec3a220ee36e7f7c8ec1dc105d06ee4823a1f8/client/helpers/json-fetch.js#L21-L23

I'm sure I'm missing a lot of steps you'll need to take, but those are my fist thoughts. I hope that helps.

[springuper]

@jedireza thanks a lot. I'm trying to modify aqua to use multi auth strategies for a route, so both front-end and other system can access it.

I'll update the results here.