Security in angular.js with Ruby on Rails

What is the best way to make authentication?

On the frontend I use Angular.js.

On the backend: Ruby on Rails.

The Rails app is used as an API for my frontend.

UPDATE: This will be a single-page application. The frontend will be developed in Angular.js, the backend in Ruby on Rails. Ideally I want to build the backend as a collection of resources returned as JSON.

I am searching for the best method of implementing security.

When a user opens the app I need to check whether the user is authenticated. If not, go to the login page; if authenticated, open what he wants and return the needed resource from the backend.

I think that I need to store an auth token on the client side. What is the best method to generate it, or maybe Rails already generates it for me?

I don't know Angular.js at all, but I will try to provide you with general information on Rails that you can use with any JavaScript framework.

For authentication, you just need:

  • A model for users
  • A controller which handles login; this method checks the user's login/password and creates a session object with all the information needed (the session is stored on the server side and a cookie is used on the client side to associate each request with a session)
  • A controller for handling logout, which basically only destroys the user's session

You have a good implementation in the Rails tutorial here, or you can find several plugins (authlogic seems to be the recommendation of Stack Overflow users here).

Then, there are few differences between handling authentication with static HTML pages or with AJAX:

  • An HTML request will send the login and password to the controller, which will automatically redirect it to another internal page once the session is created
  • In AJAX, the JavaScript on the client side should send an AJAX request, look at the answer from the server (success / failure) and launch the adapted actions (message if failure, redirection if success)

In both cases, the important thing is to check that the user is authenticated at each controller, otherwise anybody would be allowed to launch actions or access internal information.
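The three pieces listed in the answer above (login, logout, and a check before every protected action), as a framework-free Ruby sketch. This is an added example, not code from the answer or from Rails; `MiniApi`, its method names and the sample data are assumptions. In Rails the same roles are played by the `session` hash and a `before_action` filter.

```ruby
require 'securerandom'
require 'openssl'
require 'json'

ITERATIONS = 100_000 # PBKDF2 work factor (assumed value for this sketch)

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
end

# Constant-time comparison so a mismatch position is not leaked by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Each method returns [status, session_id_for_cookie, json_body].
class MiniApi
  def initialize
    @users = {}    # login => { salt:, digest: }, never the plain password
    @sessions = {} # session id => login, kept on the server only
  end

  def add_user(login, password)
    salt = SecureRandom.bytes(16)
    @users[login] = { salt: salt, digest: hash_password(password, salt) }
  end

  # Login: verify credentials, then issue a fresh random session id.
  # The id is what travels in the cookie (set it HttpOnly and Secure).
  def login(login, password)
    user = @users[login]
    salt = user ? user[:salt] : "\0" * 16 # hash anyway for unknown logins
    digest = hash_password(password.to_s, salt)
    ok = user && secure_equal?(digest, user[:digest])
    return [401, nil, { error: 'invalid credentials' }.to_json] unless ok
    sid = SecureRandom.hex(32)
    @sessions[sid] = login
    [200, sid, { user: login }.to_json]
  end

  # Logout: destroying the server-side session invalidates the cookie.
  def logout(sid)
    @sessions.delete(sid)
    [204, nil, '']
  end

  # Protected resource: the authentication check runs before the action.
  def resource(sid)
    login = @sessions[sid]
    return [401, nil, { error: 'login required' }.to_json] unless login
    [200, sid, { owner: login, items: [1, 2, 3] }.to_json]
  end
end
```

A 401 with a JSON body is the "failure" answer the client-side JavaScript can react to by showing the login page.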

I'm trying to do something similar and I found this example app which has been very useful to get me going in the right direction: https://github.com/karlfreeman/angular-devise

Also check out further discussion about it here: https://github.com/karlfreeman/angular-devise/issues/1

And here's another repo which takes a slightly different approach: https://github.com/colindensem/demo-rails-angularjs

I ended up borrowing ideas from all of the above. Here's a working demo if anyone's interested: https://github.com/jesalg/RADD