Auth in cordova

Authorization in Cordova

The standard authentication model via session, doesn’t work in cordova application since requests doesn’t support cookies in requests (you could workaround it but you shouldn’t), it is usually recommended use token based authorization.

Considering social app authorization there 3 options

• Write all yourself (possible only if you suppose utilize couple providers, still burden)
• auth0 too expensive
• outhio viable

The con of oauthio, it is support only session based authorization, hence you needed transform the recommended server side example to token based auth.

• Authorize as in example via session, trick here in sigin you should manually set session.crf_tokens from body parameter, since session cookies not available in cordova apps. Happily crf_tokens is just array of tokens provisioned by getToken() method and since your client get this token on first auth step, just pass it to the second step.
• After signin method invoke immediately me() method, grab user store him into db, if necessary, and create jwt token, every since after you could utilize only jwt token to validate you user.

Written with StackEdit.