This doesn't quite answer your question, sorry, but this is how I handle it...
For security reasons, I don't start my single page app unless the user is already logged in. That is, my splash screen is just a regular page, using Devise, and it does the standard POST when the user clicks the log in button. It is only when they are logged in do I download anything and fire up the ajax. That just feels safer from anyone viewing the page source: you need to be trusted to see any interesting page source at all. On Thu, Mar 21, 2013 at 9:41 AM, Johan Vauhkonen <[email protected]>wrote: > How would I do authentication and authorization in a single page > application running with Rails as the backend? > > Any recommendations? > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msg/rubyonrails-talk/-/seiyqvMx4C4J. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
