There are two servers:
- one on domain A
- another on a different domain B.
Let's call them A-server and B-server respectively.
A-server is the main server with its own authentication and also a frontend part. B-server is a service with its own authentication.
How could I authenticate a user on server B from server A within JS?
I thought about token-based authentication and added it to server B.
Now it can respond to the /sign.json path and authenticate well with a token.
But the token is placed in HTTP headers.
So, everything should be normal, right?
But these headers are hidden from JS, because the servers (main A with JS and B with token-based authentication) have different domains.
Could somebody point to an appropriate implementation of this kind of authentication?
Also, how should it be done well?
(For now it is too difficult to put authentication in one place and use it for all services/servers.)
It is a general question about HTTP and tokens, but I have a specific implementation:
B - Rails 4.2
    gem 'devise_auth_token'
    gem 'rack-cors'

    # setup for rack-cors:
    # in middlewares.rb
    config.middleware.insert_before 0, "Rack::Cors" do
      allow do
        origins ENV['CONFIG_ACTION_DISPATCH_DEFAULT_HEADERS_CONTROL_ALLOW_ORIGIN'] || '*'
        resource '*', headers: :any,
          methods: [:get, :post, :options, :put, :patch, :delete],
          expose: ['access-token', 'expiry', 'token-type', 'uid', 'client']
      end
    end
As you can see from the setup, I add Expose-Headers from token-based authentication.
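
The header hiding described in the question is the browser's CORS response filtering. As an added example (not part of the original post), this JavaScript models that filtering for a response carrying the token headers from the setup above; the origin `https://a.example`, the function `readableHeaders` and all sample values are constructed for illustration.

```javascript
// Model of the CORS response-header filtering a browser applies (Fetch standard).
// All names and sample values here are constructed for illustration.
const SAFELISTED = new Set(['cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma']);
const FORBIDDEN = new Set(['set-cookie', 'set-cookie2']); // never readable by script

// Split a comma-separated header value into lower-cased names.
function parseList(value) {
  return (value || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
}

// Returns the sorted header names page script may read, or null when the
// CORS check fails and script gets no access to the response at all.
function readableHeaders(pageOrigin, responseHeaders, withCredentials = false) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;

  const allowOrigin = h['access-control-allow-origin'];
  // With credentials, '*' is rejected: the origin must be echoed exactly
  // and Access-Control-Allow-Credentials must be "true".
  const originOk = withCredentials
    ? allowOrigin === pageOrigin && h['access-control-allow-credentials'] === 'true'
    : allowOrigin === '*' || allowOrigin === pageOrigin;
  if (!originOk) return null;

  const exposed = parseList(h['access-control-expose-headers']);
  // '*' in Expose-Headers is a wildcard only for requests without credentials.
  const wildcard = !withCredentials && exposed.includes('*');
  return Object.keys(h)
    .filter(n => !FORBIDDEN.has(n) && (wildcard || SAFELISTED.has(n) || exposed.includes(n)))
    .sort();
}

// Constructed response from B-server for a sign-in request made by A's page.
const sampleResponse = {
  'Content-Type': 'application/json',
  'Access-Control-Allow-Origin': 'https://a.example',
  'Access-Control-Expose-Headers': 'access-token, expiry, token-type, uid, client',
  'access-token': 'CONSTRUCTED-TOKEN', 'token-type': 'Bearer',
  'client': 'CONSTRUCTED-CLIENT', 'expiry': '1700000000', 'uid': 'user@a.example',
  'X-Request-Id': 'constructed-id',
};
console.log(readableHeaders('https://a.example', sampleResponse));
```

With the `'*'` fallback for `origins` in the setup above, a non-credentialed request from any origin passes the first check, so script on any site can read the exposed token headers of a response it receives.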