CODEWITHSUNDEEP
aurelia
steamrolla
steamrolla

Reputation: 2491

Aurelia Security - Authentication & Authorization

These are a couple general questions to really see different implementations of detecting authentication and authorization using Aurelia. All of this is speaking within the context of a secured back-end service.

  1. Say you are using cookie authentication with the server. How are you acknowledging that cookie in Aurelia to display to the user that they are logged in?

  2. In the Aurelia documentation(seen here), we can see the following: 

    class AuthorizeStep {
  run(navigationInstruction, next) {
    if (navigationInstruction.getAllInstructions().some(i =>                     
      i.config.settings.roles.indexOf('admin') !== -1)) {
        var isAdmin = /* insert magic here */false;
        if (!isAdmin) {
          return next.cancel(new Redirect('welcome'));
        }
    }

    return next();
  }
}

    What does /* insert magic here */ look like for you? What should it look like?

Upvotes: 2

Views: 594

Answers (1)

oscarcs
oscarcs

Reputation: 426

The app I am currently working on requests a token from the server at the 'login' route using XHR. If this request is successful, and a token was received from the backend, then the token is stored in a cookie and we route away from the login page to the main content of the app. We could then set a global variable 'loggedIn' to display that the user is logged in, etc. Each time we make further requests to the backend via XHR, we send the token with the request.

The 'magic' in the authorize step is just some logic that checks to see if the user is logged in, or in the example above, an admin.

Upvotes: 1

Related Questions