Add authentication

[saikat]

We should not make it possible fro just anyone to hit this endpoint and start making maestro calls.

[saikat]

• make signup/login component -
  • Show "enter your e-mail to get started"
    • Has all required fields? Set a password
    • Missing required fields? Show the big vol signup form.
    • Has account? Enter password to log in.
  • add session store
  • send session info down to routes
  • Make currentUser be the current logged in user

[retrohacker]

Can we just use oauth?

[saikat]

I don't believe Blue State Digital (which is what powers go.berniesanders.com) has OAuth support, and I'd like to make it so people who have already made an account on berniesanders.com can use that account to login here. They do have an API to "check_credentials" and "create_account" which is what I'm currently planning to use.

[retrohacker]

Ah, it sounded like we were rolling our own auth system. So will they still need to create an account here? Or when they try to create an account on ground-control, will it redirect them to go.berniesanders.com?

[saikat]

The idea is when the create an account on ground-control, it actually
authenticates against go.berniesanders.com, but keeps them on ground
control. The downside is that if they go to go.berniesanders.com, they'd
need to re-authenticate, but that's ok -- there's not much you can do there
anyway other than manage events.

On Wed, Nov 18, 2015 at 4:58 PM, William Blankenship <
notifications@github.com> wrote:

Ah, it sounded like we were rolling our own auth system. So will they
still need to create an account here? Or when they try to create an account
on ground-control, will it redirect them to go.berniesanders.com?

—
Reply to this email directly or view it on GitHub
#19 (comment)
.