Adding more API about aurelia-auth HOT 3 CLOSED

the point is that aurelia-auth is a client side SPA-based library. The technologies you are referring too are mainly server side.
Nonetheless I'm thinking of using swagger for managing "permissions" which are in a way the same as claims, but you should realize that permissions (e.g. canEditCustomer, canDeleteCustomer) are in a SPA perspective more a user experience feature rather than a security feature. Hackers (even novice ones) can always alter the behavior what's happing in the browser.
This lib is about security (the JWT token is a secure thing). These permissions are more related to the API, that's way I'm referring here to Swagger. So, I guess I would prefer to implement permissions rather in the swagger aurelia add in (which i gave already a very very basic start).

from aurelia-auth.

I respectfully disagree, Paul. The way the initial version of Aurelia-Auth is implemented is a user experience feature - but it should not be. Aurelia application (meaning the front end of a full-stack application) most likely is not a SPA, but rather a collection of SPAs where all front end related security issues are always reflected in the back end - as for example explained here https://stormpath.com/blog/token-auth-spa/

The point I am trying to make is that I never view Aurelia as a single self-sufficient entity, but rather a (well integrated, if we our things right) part of a bigger entity - full stack app. This is why the authentication (nee, all activities under the common name account management which include Authentication, Authorization, Claims Management) has to be well integrated with Aurelia from the get-go.

I will explain this with more details in the context of two new repos I just created

• https://github.com/aurelia-guides/aurelia-auth0-sdk
• https://github.com/aurelia-guides/aurelia-stormpath-sdk

from aurelia-auth.

Nice, I will read the details over there.
thanks a lot.

from aurelia-auth.