Just to add to what Alex said. We also wouldn't expect you to be knowledgable on _all_ the tools we use. We have a very open team that's happy to help and mentor.
When we first started we used a pretty vanilla version of Devise. The angular application just used session based auth. The easiest way to get the MVP happening was to have Rails generate the landing page of the SPA so we got sessions for 'free'. As we started to add more options for authenticating to the application to handle micro-services and our mobile application we took advantage of Warden/Devise and implemented a custom strategy for handling JWT authentication in addition to the regular session based strategy that comes out of the box.
The JWT authentication is Guardian compatible since we use Guardian to drive Paladin. It was a relatively straight forward addition with Warden/Devise to provide authentication based on either strategy which allows us to take advantage of these different schemes with minimal updates to our core application.
I use Devise most of my Rails apps, so in my ApplicationController I have `before_action :authenticate_user!`.
Did any of your frontend Angular apps send/request data to a Rails controller? If so, did you have to configure your Angular requests to send the session cookie so it would pass the Devise auth? This is the part that I don't quite understand yet.
In my next side-project I want to continue using Rails for the backend and scaffolding for most pages but I have a small React app that I want to include as well (keeping track of stats for a basketball game). But I'm not really sure what's the best way to go about authorizing whether or not the user has the permissions to upload data to a specific profile. I've only ever used Rails/Devise and all user input occurs through a form.
If you could point me in the direction of what I should be Googling for I'd appreciate it. Best of luck with Opendoor!
If you're generating the page from your rails server then the cookie that is set for sessions would be already available and you can make calls without worrying too much about authentication. If you want to use tokens or OAuth strategies there's a bit more to it but you should be able to find lots of information on it with a bit of googling. Here's an article that seems to cover the basics. https://technpol.wordpress.com/2013/09/23/angularjs-and-devi...
I'd usually google for a collection of the tools I'm looking at. To find that article I searched for "spa authentication with rails and devise"
Ezra was an inspiration to me. My first ever OS contribution was to merb, and his was so helpful, it inspired me to keep going. It was great to work with him on that project, and later at Engineyard. So sorry to hear of his passing.
