I'm working on a web app similar in construction to Twitter: a stateless RESTful API backed by Rails-API, which will be accessed primarily by users through a JS-based static client.
I want my users to be able to authenticate with CAS, but I'm having trouble wrapping my head around how to implement this with an API/client data structure, as the traditional use of CAS with Rails involves redirecting the user as well as setting the session, neither of which works with a client/API-based application.
What's the best way to go about doing this securely?