Advice on using oAuth Logins

Hi all,

I am using the ngCordova oAuth plugin for Facebook and Google login. I am also using Parse for my backend storage. This is not an implementation question about oAuth.

I want some advice from you guys on the design of the application. I should save the registered users to track the number of users.

What should I do with the access token obtained? Next time, should I show the login page again or not? How should I handle access token expiration?

What approach should be taken?

I am not a specialist and cannot comment on everything that you asked, but we use Restangular here, and we configure its requestInterceptor so that it checks whether a token is present in localStorage and, if so, adds it to the headers for each request; the same check also checks whether the token has expired. So we do that on every API request. Something like this:
sessionCacheService.hasSession() also checks for expiration…

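```coffeescript
# Restangular request interceptor: runs before every API request.
requestInterceptor = (headers, params, element, httpConfig) ->
  headersToUse =
    "Content-Type": "application/json"
  # hasSession() is true only when a stored, unexpired token exists.
  if sessionCacheService.hasSession() is true
    headersToUse.Authorization = "Bearer " + sessionCacheService.getAccessToken()
  Configurer.setDefaultHeaders(headersToUse)
```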

Thanks @yurinondual for your response.

I do not plan to use Restangular as it's too much for my app's scope.

Basically, why do we need to check the token for every request, unless we want to fetch some information using oAuth? I am using OAuth just for login purposes and will never be using the oauth details again.

We are using token-based, sessionless authentication. Login only returns you your token and nothing else. You use this token to access any sensitive private information by adding it to your header. For example: GET /api/profile --header "X-oAuth-Token: fsduhfusdhfuisdf44435", POST /api/profile --header "X-oAuth-Token: fsduhfusdhfuisdf44435"

And then, for example, if your backend is in Node + Express, you can write middleware for those routes to decode the token (we use JWT) and check if it is valid and not expired…

Thanks. Let's see what others have in mind.