Stimulus: Best practice for integrating with Rails and Authentication

Created on 1 Feb 2018  ·  5Comments  ·  Source: hotwired/stimulus

Decided to take a look at Stimulus for loading a few ui pieces after initial page rendering in one of our older Rails apps. Newer apps we've gone with more of the single page app backed with Rails API, but this seems like a great way of using it to load smaller elements and it works well so far.

What approach do you take to deal with the authentication issue. For example, our Devise login screen shows up in the fetched HTML since we are calling :authenticate_user! in the ApplicationController. I don't want to ignore auth on the new routes for these partials as they may contain sensitive data, but it seems like implementing a complete JWT mechanism is overkill since it wouldn't be needed everywhere.

Most helpful comment

If you're making fetch requests, add { credentials: 'same-origin' } to the options: https://github.com/github/fetch#sending-cookies

All 5 comments

Any fetch you invoke from a Stimulus controller will send the cookies along
that the session already has. So whatever authentication you need, you can
just piggyback off that already. Don't need to do anything special. Then
you can either error out with a Unauthenticated reply from the server or
return error-specific HTML to inject from the fetch.

On Wed, Jan 31, 2018 at 5:04 PM, Chris Born notifications@github.com
wrote:

Decided to take a look at Stimulus for loading a few ui pieces after
initial page rendering in one of our older Rails apps. Newer apps we've
gone with more of the single page app backed with Rails API, but this seems
like a great way of using it to load smaller elements and it works well so
far.

What approach do you take to deal with the authentication issue. For
example, our Devise login screen shows up in the fetched HTML since we are
calling :authenticate_user! in the ApplicationController. I don't want to
ignore auth on the new routes for these partials as they may contain
sensitive data, but it seems like implementing a complete JWT mechanism is
overkill since it wouldn't be needed everywhere.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/stimulusjs/stimulus/issues/87, or mute the thread
https://github.com/notifications/unsubscribe-auth/AAAKtWRI2Z46nP2TEQm3B0XK5qZDp9a_ks5tQQ22gaJpZM4R05fO
.

I was just looking for the answer to this... I'm using devise but when it gets back to the controller current_user is nil 🤔

If you're making fetch requests, add { credentials: 'same-origin' } to the options: https://github.com/github/fetch#sending-cookies

Sweet that worked like a charm 👍 Is there a slack room or forum to discuss stimulus other than issues 😁

Closing this for now, but feel free to continue the conversation over on the new Stimulus Discourse.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

gerdriesselmann picture gerdriesselmann  ·  3Comments

saneef picture saneef  ·  4Comments

dwightwatson picture dwightwatson  ·  3Comments

ngan picture ngan  ·  3Comments

JanaDeppe picture JanaDeppe  ·  4Comments