Comments (3)
The point is that aurelia-auth is a client-side, SPA-based library. The technologies you are referring to are mainly server side.
Nonetheless I'm thinking of using Swagger for managing "permissions", which are in a way the same as claims, but you should realize that permissions (e.g. canEditCustomer, canDeleteCustomer) are, from a SPA perspective, more a user experience feature than a security feature. Hackers (even novice ones) can always alter the behavior of what's happening in the browser.
This lib is about security (the JWT token is a secure thing). These permissions are more related to the API, that's why I'm referring here to Swagger. So, I guess I would prefer to implement permissions in the Swagger Aurelia add-in (which I already gave a very, very basic start).
from aurelia-auth.
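The distinction drawn in the comment above, as an added example that is not part of the original thread or of aurelia-auth: a permission read from a JWT in the browser only drives the UI, while the API has to verify the token before trusting it. The HS256 secret, the `permissions` and `exp` claim layout and all function names are assumptions; the permission names come from the comment.

```javascript
// Added example. Runs under Node; the secret and claims are constructed.
const crypto = require('node:crypto');

const SECRET = 'demo-secret-held-only-by-the-api'; // assumption: HS256 shared secret
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// API side: issue a signed token that carries the user's permissions.
function issueToken(claims) {
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${body}.${sign(body)}`;
}

// SPA side: decode only, no signature check. Fit for hiding a button, nothing else.
function uiCan(token, permission) {
  const claims = dec(token.split('.')[1]);
  return Array.isArray(claims.permissions) && claims.permissions.includes(permission);
}

// API side: verify the signature and expiry first, then read the permission.
function apiCan(token, permission) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const expected = Buffer.from(sign(`${parts[0]}.${parts[1]}`));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  let header, claims;
  try { header = dec(parts[0]); claims = dec(parts[1]); } catch { return false; }
  if (header.alg !== 'HS256') return false; // pin the algorithm the API issued
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return false;
  return Array.isArray(claims.permissions) && claims.permissions.includes(permission);
}

// What anyone can do in their own browser: edit the payload, keep the old signature.
function editedInBrowser(token, extraPermission) {
  const [h, p, s] = token.split('.');
  const claims = dec(p);
  claims.permissions = [...(claims.permissions || []), extraPermission];
  return `${h}.${enc(claims)}.${s}`;
}

function demo() {
  const exp = Math.floor(Date.now() / 1000) + 3600;
  const token = issueToken({ sub: 'alice', permissions: ['canEditCustomer'], exp });
  const edited = editedInBrowser(token, 'canDeleteCustomer');
  return { ui: uiCan(edited, 'canDeleteCustomer'), api: apiCan(edited, 'canDeleteCustomer') };
}
console.log(demo());
```

The edited token satisfies the unverified UI check but is rejected by the API, including for the permission the user legitimately held, because the signature no longer matches the payload.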
I respectfully disagree, Paul. The way the initial version of Aurelia-Auth is implemented is a user experience feature - but it should not be. An Aurelia application (meaning the front end of a full-stack application) most likely is not a SPA, but rather a collection of SPAs where all front-end-related security issues are always reflected in the back end - as explained, for example, here: https://stormpath.com/blog/token-auth-spa/
The point I am trying to make is that I never view Aurelia as a single self-sufficient entity, but rather a (well integrated, if we do our things right) part of a bigger entity - a full-stack app. This is why the authentication (nay, all activities under the common name account management, which include Authentication, Authorization, Claims Management) has to be well integrated with Aurelia from the get-go.
I will explain this in more detail in the context of two new repos I just created:
- https://github.com/aurelia-guides/aurelia-auth0-sdk
- https://github.com/aurelia-guides/aurelia-stormpath-sdk
Nice, I will read the details over there.
Thanks a lot.