It would be nice to have some good tutorials, demos and design ideas for how to go about authentication and authorization for an app (perhaps as part of official documentation as well). I have seen various approaches and plugins out there, but still feel hesitant to jump into the deep water…
I would imagine that the most common way is via auth_tickets, preferably via an external auth provider such as Facebook, Google, etc. I have seen an ember-oauth2 library on GitHub, but who has used it with success?
I assume you have to have a callback handler on the server (e.g. a Rails controller action) and then take the user info and store it in the User database if not there, or retrieve the user if already previously registered. Then set the auth_ticket, and pass it on each Ajax request (e.g. in the header) to keep the user session going. Then perhaps a before_filter on the server controller (or clock/timer on the client side) to terminate the session/auth_ticket. Am I on the right track here?
How about authorization? I have seen discussions on how to do it, either controlled purely from the client side, or alternatively by making server-side calls (via custom Ajax) and then having the server respond with the permissions for the particular action (e.g. using the cancan lib, hooked into ActiveModel::Serializers for Rails).
What are the current best practices and experiences out there? Any good demo apps showing off these techniques? Thanks!
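The ticket flow sketched in the post, as an added example that is not part of the original post or of any library it names: the server issues a signed, expiring ticket once the provider callback has resolved the user, and a before_filter-style check validates the header value on every Ajax request. The `AuthTicket` module, its HMAC-signed ticket format, `SECRET` and `TTL` are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Hypothetical helper (not from ember-oauth2, cancan or Rails).
module AuthTicket
  SECRET = "constructed-demo-secret" # constructed value; load from server-side config
  TTL = 15 * 60                      # seconds a ticket stays valid (assumed policy)

  def self.sign(payload)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
  end

  # Called at the end of the provider callback, after the user row
  # has been found or created in the User database.
  def self.issue(user_id, now: Time.now.to_i)
    json = JSON.generate({ "uid" => user_id, "exp" => now + TTL })
    payload = [json].pack("m0") # strict Base64, no line breaks
    "#{payload}.#{sign(payload)}"
  end

  # The check a before_filter would run on the ticket taken from the
  # request header. Returns the user id, or nil when the ticket is
  # missing, malformed, tampered with or expired.
  def self.verify(ticket, now: Time.now.to_i)
    payload, mac = ticket.to_s.split(".", 2)
    return nil if payload.nil? || mac.nil?
    # Constant-time comparison; the payload is parsed only after the MAC matches.
    return nil unless OpenSSL.secure_compare(mac, sign(payload))
    data = JSON.parse(payload.unpack1("m0"))
    # Expiry is enforced on the server; a client-side timer is only a UI convenience.
    return nil unless data["exp"].is_a?(Integer) && data["exp"] > now
    data["uid"]
  rescue ArgumentError, JSON::ParserError
    nil
  end
end
```

Because the expiry sits inside the signed payload, a client cannot extend its own session, and any authorization decision made after `verify` stays on the server regardless of what the client-side code hides or shows.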