6

I have developed a single page app prototype that is using Backbone on the front end and going to consume from a thin RESTful API on the server for its data.

Coming from heavy server side application development (PHP and Python), I have really enjoyed the new different design approach with a thick client side MVC but am confused on how best to restrict the app to authenticated users who log in.

I prefer to have the app itself behind a login and would also like to implement other types of logins eventually (OpenID, FB Connect, etc.) in addition to the site's native login. I am unclear how this is done and have been searching, but have been unsuccessful in finding information that made it clear to me.

In the big picture, what is the current best practice for registering users and requiring them to login to use your single page app?

Once a user is logged in, how are the API requests authenticated? Can I store a session, but how do I detect this session in the API calls? Any answers to this would be much appreciated!

John H
  • It would really help to know why my answer is down-voted. Just to be constructive and have some value. – Yusubov Sep 18 '12 at 15:20

1 Answer

1

In the big picture, what is the current best practice for registering users and requiring them to login to use your single page app?

I would look at the OAuth option to free users from the registration process. It is a new era where users do not want to spend time dealing with creating a new account for each site that they visit. Instead, they look forward to getting instant access and doing their job :)

Currently, most social media pages do have OAuth and that is one of the important factors that drive users to their site. Thus, I see a big trend toward abandoning all rude force registration processes and using OAuth APIs instead.

Yusubov
  • Since you ask, this was downvoted (by someone else) because he asked about a bunch of technical best-practices on integrating multi-login systems and authenticating API requests and you commented with "I think you should use this authentication method to free your users instead!" which is certainly a legitimate opinion for you to have about a high-level approach, but doesn't really even begin to answer any of his technical questions, and is also in contradiction to his stated goals. –  Sep 19 '12 at 01:11
  • fennec, I have answered with the best practice approach for the question that was stated. My answer may not cover all other stated questions in the body. However, de facto I have answered the highlighted question in the box. – Yusubov Sep 19 '12 at 01:38
  • ElYusubov, you have my words of explanation. It is now entirely up to you to decide whether to take them into consideration and attempt to understand why someone might find your answer to be downvote-worthy, or reject them in a defensive manner. Do what you will. I honestly don't care which you do; I won't be arguing the opinion anymore, and generally won't be paying attention to any further comment which you make here. –  Sep 19 '12 at 02:33