Hmm, I wasn't clear enough. The auth would occur as a separate API but be primarily called from the NodeJS layer rather than at each API's layer.
How did you handle structuring the rules?

Samuel Richardson
www.richardson.co.nz | 0405 472 748

On Wed, Feb 29, 2012 at 10:29 AM, Nicholas Faiz <[email protected]> wrote:

> Hi,
>
> In a recent project we created an authentication and authorization API
> that ran separately to the main app., and it ended up being my ideal way of
> handling it (for an app that has to belong to an organisation of any
> significant size). This turned out to be a great way of doing things for
> SSO and role clarification (instead of every app inventing its
> understanding of roles, there was a centralised 'source of truth' for them
> which client apps leveraged).
>
> So, I would probably make the Node.js app a client of the
> Authentication/Authorisation API. You have a nice breakup of services
> already, so I think it'd be a mistake to bake it into the Node layer.
>
> Cheers,
> Nicholas
>
> On Wednesday, February 29, 2012 8:59:12 AM UTC+11, Samuel Richardson wrote:
>>
>> I'm in the process of implementing an authorisation system. I don't think
>> the system is that complex but the underlying technology we're running on
>> is not your typical Rails site. Essentially our setup is:
>>
>> Various Apis
>>       |
>> NodeJS Server
>>       |
>> Client Computers
>>
>> Various APIs do the work and on database updates, send the update to the
>> Node Server. The Node server broadcasts the changes to the clients and the
>> clients are your typical web browsers on the website getting realtime
>> updates of what's happening in the APIs. Requests to change information go
>> via the Node server as well.
>>
>> I have authentication working well. However, I need to implement
>> *authorisation* at some layer in this stack, either at the NodeJS
>> level or at each individual API. The auth will also be attached to a user
>> which is available from the Users API.
>>
>> I've got a few ideas of how to go about this, but wondered if anybody
>> had implemented something similar? My guess is to implement at the Node
>> level and before any requests which require auth, query against the users
>> api asking them if the action is allowed. However, it might be easier to
>> implement at a per API level via a shared gem etc.
>>
>> Samuel Richardson
>> www.richardson.co.nz | 0405 472 748
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby or Rails Oceania" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/rails-oceania/-/1sP6-7s3TDsJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/rails-oceania?hl=en.
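
The arrangement discussed in this thread, with the Node layer acting as a client of a separate authorisation API and asking it before forwarding a change, sketched as an added example that is not code from anyone in the thread. Every name, role and rule below is hypothetical, and the stub `authzService` stands in for the HTTP call to the real service.

```javascript
// Added example: the Node layer asks a central authorisation service before
// forwarding a change request to a back-end API. All names are hypothetical.

// Constructed rule table and users, as the central service would hold them.
const RULES = new Map([
  ['editor', new Set(['articles:read', 'articles:update'])],
  ['viewer', new Set(['articles:read'])],
]);
const USER_ROLES = new Map([['alice', 'editor'], ['bob', 'viewer']]);

// Stub of the central service: "may this user perform this action?"
async function authzService({ userId, action }) {
  const allowed = RULES.get(USER_ROLES.get(userId))?.has(action) === true;
  return { allowed };
}

// Builds the check used by the Node layer. Anything other than an explicit
// { allowed: true } (error, timeout, malformed reply) counts as a denial.
function makeAuthorizer(askService, timeoutMs = 500) {
  return async function isAllowed(userId, action) {
    let timer;
    const timeout = new Promise((_, reject) => {
      timer = setTimeout(() => reject(new Error('authz timeout')), timeoutMs);
    });
    try {
      const reply = await Promise.race([askService({ userId, action }), timeout]);
      return reply !== null && typeof reply === 'object' && reply.allowed === true;
    } catch (err) {
      return false; // fail closed: an unreachable service never grants access
    } finally {
      clearTimeout(timer);
    }
  };
}

// Node-layer handler: authorise first, forward only on an explicit allow.
// userId comes from the authenticated session, never from the request body.
async function handleChange(isAllowed, forward, session, request) {
  if (!session || !session.userId) return { status: 401 };
  if (!(await isAllowed(session.userId, request.action))) return { status: 403 };
  return { status: 200, body: await forward(request) };
}
```

This check only protects requests that pass through the Node layer; a back-end API that can be reached by another route needs the same question asked on that route.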
