Add accessToken support

[ritch]

Clients should set the Authorization header using the current user's accessToken.id. This will require a couple of new APIs in loopback and strong-remoting.

Related: strongloop/strong-remoting#105 and strongloop/loopback-example-offline-sync#45

[bajtos]

To support OAuth2-based authentication, the connector should probably support authentication via cookies too.

[bajtos]

strongloop/strong-remoting#105 (comment)
I find this rather difficult to use, it took me quite a lot of debugging to find out where exactly the token should be set. I think we should add some sugar API to make this easier

app.dataSources.remote.connector.remotes.auth = {
  bearer: new Buffer(token).toString('base64'),
  sendImmediately: true
};

[BerkeleyTrue]

👍 for sugar

[bajtos]

Ideally, the connector should detect login and logout methods and update the access token automatically. Perhaps emit an event so that user code can install an event handler to persist the token in the local storage.

[lius]

The subject discussed here applies to the following scenario?

A user (using a client/browser) needs to access a model that do not exists in backend "local" database, which access another LB instance through remote connector to fetch the data.

Problem: the first backend (who receives browser requests) needs to access the remote one using the user access token, so the remote ACLs, validation and business logic could apply correctly. If I understand well, the access token used by remote connector is done at datasource level (e.g. in a boot script), but in this scenario it should be done dynamically, according to the access token sent by the browser for each concurrent request.