I'm redoing this right now too with the conversion to 2.0.
I have a RESTful API that requires Login and handles everything for data in multiple UIs, including logging in to 3rd Parties like FB.
I think that can.Model makes more sense here, but the names of the default functions don't in this scenario.
So what I leaned towards is a mapping like this:
But that is really not Intuitive and needs a convention to be followed anyway because .save() might be weird and id is an email address. So I decided that can.Model was the right thing but use Delegates instead of the default functionality and get the Store which I use quite a bit for Roles and Profile Info.
Auth is getting created at the App Level, but I am still struggling with what an App is now... a Component or a Control, I've been using Control, but making the root object a Component has some advantages (such as parent scope and <MyApp>)
I have a Component for the Login and another for Update/Signup screens that get automated with the Auth Model.
When I get this all sorted in the next few days, I plan to share more about it.
This is a pretty important thread to share techniques, but I think that trying to generalize it for everyone would just get a lot of annoying requests. I haven't seen 2 Apps use exactly the same security model unless they are in the same company doing SSO.
I would really like to see more Architecture recommendations for real-world apps.
Justin was really helpful when we talked about the ViewModels which are quite a bit different than simple Model and View separations. App usually has a ViewModel that contains a session, so what does Session look like if we use Auth? How do we best sync with things like LocalStorage and Cookies, you can't put Auth in LocalStorage (you can but you shouldn't)
I have a RESTful API that requires Login and handles everything for data in multiple UIs, including logging in to 3rd Parties like FB.
I think that can.Model makes more sense here, but the names of the default functions don't in this scenario.
So what I leaned towards is a mapping like this:
Auth = can.Model.extend({ findAll: 'GET /api/account', //returns a 401 if not logged in or populates Profile and Roles findOne: 'POST /api/account/{username}', //login create: 'POST /api/account', //signup update: 'PUT /api/account/{username}', //returns a 401 if not logged in or changes User/Profile destroy: 'DELETE /api/account/{username}' //logout (we don't let users remove accounts in this path)},{});But that is really not Intuitive and needs a convention to be followed anyway because .save() might be weird and id is an email address. So I decided that can.Model was the right thing but use Delegates instead of the default functionality and get the Store which I use quite a bit for Roles and Profile Info.
Auth is getting created at the App Level, but I am still struggling with what an App is now... a Component or a Control, I've been using Control, but making the root object a Component has some advantages (such as parent scope and <MyApp>)
I have a Component for the Login and another for Update/Signup screens that get automated with the Auth Model.
When I get this all sorted in the next few days, I plan to share more about it.
This is a pretty important thread to share techniques, but I think that trying to generalize it for everyone would just get a lot of annoying requests. I haven't seen 2 Apps use exactly the same security model unless they are in the same company doing SSO.
I would really like to see more Architecture recommendations for real-world apps.
Justin was really helpful when we talked about the ViewModels which are quite a bit different than simple Model and View separations. App usually has a ViewModel that contains a session, so what does Session look like if we use Auth? How do we best sync with things like LocalStorage and Cookies, you can't put Auth in LocalStorage (you can but you shouldn't)