Allow setting user id of a connection from inside the WebApp.connectHandlers

[mitar]

Currently it is really painful to do any HTTP based authentication. It seems the best way is that a client calls a Meteor method on load and then that one logs the user it.

I think it would be great if you could do this inside the WebApp.connectHandlers so that the connection user establishes would already have userId associated with it.

[dr-dimitru]

@mitar do you see a way to accomplish this, without breaking one of the main Meteor's policies about cookies?

We were trying to accomplish it via get/post queries also, see this thread

[mitar]

Yea, I do not care about cookies here. For me it is to allow one to have a sign-in link which can work on the server already. Instead of having to load client code which then calls a method to the server.

[dr-dimitru]

@mitar What use-case would you cover?

[mitar]

My main use case is that a parent app wants to embed a Meteor app and it should be able to control who is logged in.

This feature for me would just make login simpler. Instead of having to do one extra roundtrip.

[doctorpangloss]

Embedding a meteor application is pretty tricky. The easiest way to allow users in one application to log into a meteor application is through OAuth2.

If you don't want to do that, because multiple sign-ons is a specific user request, copy accounts-password and accounts-base from github.com/meteor/meteor to your application's packages folder, and re-implement their highest-level methods to use your parent application's database and password format.

The WebApp.connectHandlers are ill-suited for custom authorization handling.

[mitar]

I think what I would like is that I could set in WebApp.connectHandlers something that once the default handler picks it up, it can use the userId from there (or any other connection attribute). It should not be too hard, but it is not possible with existing core code.