Hello everyone!
I am beginning to dive into a new project and have ran into a requirement that I need some help thinking through.
I was prepared to follow token authentication type structure for authentication but was then told we need to not show any of the javascript (or as absolute little as possible) before authentication. This has me a little puzzled given single page javascript apps.
I’m using the, very helpful, ember-app-kit which has great tools that compile everything down to a minified and obfuscated single javascript file, which I thought was good enough for security, but apparently its not.
Having the entire app loaded once, and even in a single compiled js file, what is best practice for accomplishing this?
I had one thought of my own and have found another potential.
A ) coming from rails, I thought I could just build a very thin rails app that handles authentication in a server side view that doesnt load any of the app js. Then on successful authentication, transition the user to a view that loads all of the JS for the app and go from there.
B ) I found some talk of new functionality in ember-data (forgive me if I’m wrong) that allows you to async load javascript files in the models. This seems like it could work but also seems very complex and I’m not sure if It’ll totally work cause they want to hide not only models but things like app routes (basically everything but login)
Would love to hear from people on best practices for this type of scenario.
Thanks