Greg Blass

This looks like a good strategy: https://robots.thoughtbot.c...

So in the end, still a PITA, haha. I think I'd prefer your first approach in the answer below...but somehow set the time zone based on the account. The feel like the best solution would be to not have to litter models/controllers with time parsing zone parsing code and to just allow the account to set their time zone and have it just work.

Looks like this question was answered below. My use case is a multi-tenant app. All the users would be in the same place. So maybe I store the time zone on the account. Wonder if there is a way to specify a dynamic time zone like you would in application.rb based on what the account has selected.

Hey Chris! This is great. One question: How would you go about inputting time? Lets say the user is making an event or appointment. They are presented with date/time input fields. How would you handle that if different users are in different time zones? Would that require storing a time zone on the user/account?

I'm also still running into issues where randomly google maps is erroring.

I've also got my google maps in the head of my application layout and I'm wondering if thats inefficient. Should I keep it there and load it once so its always available? Or load it only on the pages that need it?

Still wondering.

Awesome! So is there any way to know for sure that the renew cron job is running? I guess one way is to just make sure I'm not getting renewal emails? It'd be nice if there was some way to check the status of a cert, or to know that the job ran?

EDIT: Yeah, guest users / anonymous users are overkill. I just dont need traditional authentication at all.

Awesome response!

Great ideas with the user agent/password. I highly doubt someone would disassemble this app in order to spam the API.

Rack-attack looks great if I ever need it. Good to know in general for any Rails app.

I totally agree with your thinking on 'deal with it later if it becomes a problem'.

Really I do not need authentication. That is where I was leaning but I wanted to be sure.

Thanks Chris!!

I'm writing a React Native app that is purely informational (medical information), with a Rails API for the back-end.

The first main question I have is whether its necessary (or a good idea) to use authentication at all. We don't want the user to have to enter any information to use it (username, password, etc). They should just be able to download the app and jump right in to use it and read the information it provides.

However, I'm thinking that I would at least want the API to only respond to someone hitting it from within the React Native app (or not? Is it considered a normal practice to have an API completly exposed in the case of an app like this which is purely information and doesn't have users, like a website?)

Second - at some point we may want to be able to store some simple preferences for that user (I.E., are they a patient or a doctor, so we can tailor the materials based on that / send them to a different home screen when the open the app). I'd guess that simple preferences like that could just be stored locally on the app, and wouldn't be a strong enough use case to make users? Obviously if they re-downloaded the app, they'd have to rechoose...but that would be fine.