I have a .NetCore/Aurelia app where the client code and API services are all served from the same domain. Authentication is done against the API and uses cookie authentication as opposed to JWT/Auth Service.
Initially, I loaded app
as my root and added my login page as a route.
//main.js
aurelia.start().then(() => aurelia.setRoot(PLATFORM.moduleName("app")));
//app.js
configureRouter(config, router)
{
//...
config.map([ {route: "/login", name: "login" ... }, ...]);
I added auth code in the navigation pipeline to check for user authentication and redirect to the login route. Once the user is authenticated, then the user is able to navigate to other routes.
One problem with my approach is that my application shell consists of a title bar across the top, a menu bar on the left and the content to the right of the menu. The <routerview>
is the content area. So, when I go to the login
route, I need to hide the titlebar and menu – not a big deal, but a bit of an annoyance.
I toyed with the idea of catching auth in main
and setting the root based on if the user was authenticated or not. So, an unauthenticated user would have root set to login
while an authenticated user would have root set to app
.
//main.js
var root = PLATFORM.moduleName("login");
if(authService.isUserAuthenticated())
root = PLATFORM.moduleName("app");
aurelia.start().then(() => aurelia.setRoot(root));
This, of course, solves the issue of having to hide menus, etc. However, I’m not sure how to switch between roots. IOW, once a user authenticates, I need to switch to app
instead of login
. Also, if a user is authenticated (root = app
), but then admin locks the user out, the next request will come back as a 401 and the user should be redirected to login (root = login
).
So, my questions are:
- Should
login
be a root or a route? - If
login
should be a root, how do I “switch roots” when user authentication changes?