5 comments

[ 2.3 ms ] story [ 30.6 ms ] thread
How does this deal with auth for the backend db when running in the browser?
You can offload authentication to another server and then just use the jwt. Jwt are great in that you can read them transparently and guarantee that they were signed by whatever you trust. It's a bit roll your own but it works well and is very flexible.
Wouldn't it be the same as any other single page application?
CouchDB/PouchDB has very clunky auth so IMO it's better to roll your own auth and either use a reverse proxy with a JWT or else hide the DB behind an API service.