I am preparing to work on a project where I need to display a dashboard from an online application. Unfortunately, use of an API is not possible. The dashboard can be embedded in an iframe. However, when displayed, it will prompt the user viewing the dashboard to log in with an account.
I have 1 paid account for the service. Are there any Rails gems to log in to the service before the iframe is processed?
Or would a proxy within my Rails app be a better route to go?
Any pointers are appreciated!
Neither Rails gems nor a proxy within Rails will work; they both have the same limitation.
They are both running on the back end, server side.
The authentication needs to happen client side.
Unless you mean to proxy the entire thing: the auth request, the subsequent requests, and the user's interactions with the dashboard. That should work (see below).
The way authentication works (pretty universally) is: once you log in to a system, it stores a cookie on your browser, and the browser sends that cookie with every subsequent request.
If you authenticate on the backend, the cookie will be sent to your Rails code and die there, and the user's browser will never know about it.
Also, it's not possible to auth server side, capture the cookie, and then have the user browse the site with their browser directly, for 2 reasons:
- Sometimes auth cookies use information from the browser or HTTP client to encrypt the cookie, so sending the same cookie from a different client won't work.
- You cannot tell a browser to send a cookie to a domain different from your own.
So your options are, off the top of my head right now:
- If there is a login page that accepts form submissions from other domains, try to simulate a form submission directly to the site's "after login" page (the page the user gets directed to once they fill in the login form). Modern web frameworks have XSRF protection (cross-site request forgery protection) and disallow this approach for security reasons.
- See if the auth the site uses has any kind of OAuth, single sign-on (SSO) or similar type of authentication integration you can do. (Similar to an API; you may have explored this option.)
- Proxy all requests to the site through your server. You'll have to rewrite the entire HTML so that images, CSS, stylesheets, and other assets are routed through your proxy, or else have the URLs rewritten in the HTML so they are not relative. You might hit various walls if the site wasn't designed for this use case: things like the site using relative URLs for assets you aren't proxying, the site referencing non-relative URLs causing cross-domain errors, etc. Note that it is hard to rewrite every single last asset reference; it's not just HTML you're worried about, JavaScript can have URLs in it too, and CSS can as well.
- You could write a bookmarklet or browser extension that logs the user in to the site.
- Have them install LastPass.
- Have them install the Tampermonkey browser extension (and others for other browsers), and write a small user script to run custom JavaScript to automatically log the user in on the site.
- Scrape the site for the info you need and serve it on your own site.
OK, I'm out of ideas. :)
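
The URL-rewriting step of the "proxy all requests" option, as an added example that is not part of the original answer. The upstream host `dashboard.example.com`, the `/dash_proxy` route and all method names are hypothetical; leaving third-party hosts unproxied and restricting the proxy to the one upstream host are design choices of this sketch.

```ruby
require "uri"

# Hypothetical placeholders, not from the post.
UPSTREAM   = URI("https://dashboard.example.com/app/")
PROXY_PATH = "/dash_proxy"

# Constructed sample of upstream markup.
SAMPLE = '<link href="/static/a.css"><img src="img/logo.png">' \
         '<script src="//cdn.example.net/x.js"></script>' \
         '<script>fetch("/api/" + "stats")</script>'

# Resolve a reference from upstream markup and point it at the proxy.
# Returns nil when the reference should be left untouched.
def proxied(ref, base = UPSTREAM)
  return nil if ref.empty? || ref.start_with?("#", "data:", "javascript:", "mailto:")
  abs = base.merge(ref) # resolves relative, rooted and //host forms
  # Third-party hosts need no session cookie; the browser fetches them directly.
  return nil unless abs.is_a?(URI::HTTP) && abs.host == UPSTREAM.host
  "#{PROXY_PATH}?u=#{URI.encode_www_form_component(abs.to_s)}"
rescue URI::Error
  nil
end

# Rewrite src/href/action attributes and CSS url(...) references.
# Regex-based to stay stdlib-only. URLs assembled at runtime by JavaScript
# are not caught: that is the wall the answer warns about.
def rewrite_body(body, base = UPSTREAM)
  body = body.gsub(/\b(src|href|action)=(["'])(.*?)\2/i) do
    whole, attr, q, ref = $&, $1, $2, $3
    (px = proxied(ref, base)) ? "#{attr}=#{q}#{px}#{q}" : whole
  end
  body.gsub(/url\(\s*(["']?)(.*?)\1\s*\)/i) do
    whole, q, ref = $&, $1, $2
    (px = proxied(ref, base)) ? "url(#{q}#{px}#{q})" : whole
  end
end

# The proxy endpoint holds the shared account's session, so it must fetch
# only the upstream host over HTTPS and never act as an open proxy.
def allowed_target?(u)
  t = URI(u)
  t.is_a?(URI::HTTPS) && t.host == UPSTREAM.host
rescue URI::Error
  false
end
```

Because the proxy logs in with the single paid account, every viewer shares that session, so the Rails route serving `/dash_proxy` should sit behind the application's own authentication.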