While working on a project recently, I encountered a problem I haven’t had to tangle with in a while: authenticating front-end applications against a Rails API. The last time I was even dabbling in this realm, jQuery was everything, CORS was still in its infancy, and JSONP was still a thing (that’s not a thing anymore, right?). The only way I ever managed to scrape by in this hostile environment was to let Rails’ asset pipeline serve up the front-end app and rely on same-origin requests and regular ol’ cookies to handle authentication. I didn’t like it, but I survived. Eventually, I got away from front-end concerns almost completely.