0

My use authentication case is a little unusual as explained in another question 'URL Authorization Rules' is just what I'd like to use rather than pass JWTs around and check the claims myself. The most important thing is I have a custom accessible UI for authentication so the current list of unauthenticated_action appears to be inadequate.

I have a Web SPA frontend with a Functions backend so I think I could use the 401 response to detect the need to get the user to authenticate and then retry. Does that seem workable to you?

Alternatively, a unauthenticated_action of redirectToUrl would appear to be a useful addition for myself and others. The would return 301 with the specified URL. That would obviously require a argument in the JSON/YML.

Community
  • 1
  • 1
Steve Lee
  • 5,191
  • 5
  • 17
  • 18
  • Please try to have a look at this [issue](http://stackoverflow.com/questions/20963273/spa-best-practices-for-authentication-and-session-management) and this tutorial http://brewhouse.io/blog/2014/12/09/authentication-made-simple-in-single-page-angularjs-applications.html – Bruce Chen Nov 22 '16 at 05:45
  • Thanks Bruce, that looks interesting and should help. It's certainly a clean pattern. – Steve Lee Dec 04 '16 at 14:39

0 Answers0