Authorization in Cordova
The standard session-based authentication model doesn't work in a Cordova application, since requests there don't support cookies (you could work around it, but you shouldn't). Token-based authorization is usually recommended instead.
For social app authorization there are 3 options:
- Write it all yourself (feasible only if you plan to use a couple of providers, and still a burden)
- Auth0: too expensive
- oauthio: viable
The downside of oauthio is that it supports only session-based authorization, hence you need to transform the recommended server-side example to token-based auth:
- Authorize as in the example, via session. The trick here is that in `signin` you should manually set `session.crf_tokens` from a `body` parameter, since session cookies are not available in Cordova apps. Happily, `crf_tokens` is just an array of tokens provisioned by the `getToken()` method, and since your client gets this token in the first auth step, just pass it to the second step.
- After the `signin` method, immediately invoke the `me()` method, grab the user, store him in the db if necessary, and create a JWT token. From then on you can use only the JWT token to validate your user.
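The two steps above as a cookie-less flow, in an added example that is neither the post's code nor the oauthio SDK: `issueState`, `verifyState`, `signJwt`, `verifyJwt`, `signin`, `fetchMe` and the `state`/`code` body fields are hypothetical names. It goes one step beyond the text by HMAC-signing the state token, so the server can check that a token arriving in the body is one it issued rather than trusting whatever the client sends.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

const SECRET = randomBytes(32); // server-side signing key, constructed for the demo
const b64 = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest('base64url');
function sameMac(a, b) {        // constant-time comparison of two MAC strings
  const A = Buffer.from(String(a)), B = Buffer.from(String(b));
  return A.length === B.length && timingSafeEqual(A, B);
}

// Step 1: instead of keeping the state token in a cookie session, hand the
// client a signed one that it sends back in the body of the signin request.
function issueState(now = Date.now()) {
  const body = `${randomBytes(16).toString('hex')}.${now + 5 * 60 * 1000}`;
  return `${body}.${mac(body)}`;
}

function verifyState(state, now = Date.now()) {
  const parts = String(state).split('.');
  if (parts.length !== 3) return false;
  const [nonce, exp, sig] = parts;
  return sameMac(sig, mac(`${nonce}.${exp}`)) && Number(exp) > now;
}

// Minimal HS256 JWT: what the client holds and presents after signin.
function signJwt(claims, ttlSec = 3600, now = Date.now()) {
  const head = b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const body = b64(JSON.stringify({ ...claims, iat, exp: iat + ttlSec }));
  return `${head}.${body}.${mac(`${head}.${body}`)}`;
}

function verifyJwt(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || !sameMac(parts[2], mac(`${parts[0]}.${parts[1]}`))) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// Step 2: hypothetical signin handler. fetchMe stands in for the provider
// call (code exchange followed by me()); it is not the oauthio SDK.
function signin(reqBody, fetchMe) {
  if (!verifyState(reqBody.state)) return { status: 403 };
  const user = fetchMe(reqBody.code); // store the user in the db here if needed
  return { status: 200, token: signJwt({ sub: user.id, name: user.name }) };
}
```

Every later API request carries the JWT (for example in an `Authorization` header) and the server calls `verifyJwt` on it; no cookie is involved at any point.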