SPA Apps + Authorisation

Posted 8 months ago by pmx

I've been trying to find a nice way to deal with authorisation on SPA apps. I'm using Vue but I think the framework is irrelevant to the problem.

It feels like there are lots of options to the problem but none of them feel 'right'. We could pass down props, we could create an auth service on the framework as a plugin that replicates the functionality of the backend server, we could route authorisation requests back to the server - maybe by websocket to avoid tons of HTTP requests. All of these come with downsides.

I had a thought that it might be worthwhile decoupling the permissions/roles from the PHP & JS logic. All of the configuration could be stored on the server in a JSON file that can be consumed by both server side and front end code to generate the logic. On the server PHP could read the file to generate policies & gates. In the browser JavaScript could do the same to generate the same functionality client side. Updating the rules in the JSON would then affect both server and client side implementations.

I'm sure there are issues with this approach that I've overlooked and I'd love to hear what others' thoughts are on it? Do you think it's feasible?
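The browser half of the shared-rules idea in the post, as an added example (not code from the post): the JSON schema, the `buildPolicy` name and the `ownerId` field are assumptions made for illustration. The copy running in the browser can only decide what the UI shows, because the user controls that code; the policies and gates the server builds from the same file stay the enforcement point.

```javascript
// Constructed sample of the shared rules file (schema is an assumption, not from the post).
const RULES_JSON = `{
  "roles": {
    "admin":  ["post.create", "post.update", "post.delete"],
    "editor": ["post.create", "post.update:own"],
    "guest":  []
  }
}`;

// Build a can(user, ability, resource) check from the rules file.
// Anything the file does not explicitly grant is denied (fail closed).
function buildPolicy(rulesJson) {
  const rules = JSON.parse(rulesJson);
  const grants = new Map();
  for (const [role, entries] of Object.entries(rules.roles || {})) {
    const byAbility = new Map();
    for (const entry of entries) {
      const [ability, scope = "any"] = entry.split(":");
      if (scope !== "any" && scope !== "own") {
        // Reject typos in the rules file instead of silently granting or ignoring.
        throw new Error(`unknown scope "${scope}" in role "${role}"`);
      }
      // If a role lists both a scoped and an unscoped grant, "any" wins.
      if (byAbility.get(ability) !== "any") byAbility.set(ability, scope);
    }
    grants.set(role, byAbility);
  }
  return function can(user, ability, resource) {
    if (!user || !Array.isArray(user.roles)) return false;
    return user.roles.some((role) => {
      const scope = grants.get(role)?.get(ability);
      if (scope === "any") return true;
      if (scope === "own") {
        // An "own" grant needs a resource with a known owner to compare against.
        return resource != null && resource.ownerId != null &&
               resource.ownerId === user.id;
      }
      return false; // unknown role or ability
    });
  };
}

const can = buildPolicy(RULES_JSON);
```

In a Vue component this `can` would typically gate a `v-if` on a button, while the matching request handler on the server repeats the check before acting.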


