Alternatives for authentication on Server


#1

Friends,

I’m developing an app that will log in to a server through a social network account. I’m currently using the InAppBrowser plugin and it is working well.

But the app has several problems on Android versions lower than 4.4: slowness, visual bugs, crashes.

Installing Crosswalk solves these performance problems and visual bugs. But authentication to the server through the InAppBrowser no longer works.

I need suggestions for alternative ways to authenticate to the server through social networks with Crosswalk.

Thank you all!


#2

You could try to build a completely server-side fb or g+ login.

Like this:

1. user types facebook email and pw in
2. sends to your server
3. server connects to facebook and tries to login with credentials
4. if success -> create own Authentication entry in your db or create session
5. if failed -> show error

But I do not know if this is a trustworthy handling :wink:


#3

Thanks for this suggestion, but it does not look very secure. :wink:


#4

Yeah, but with the plugin you also have a security gap -> because if you have your own backend you need to check if the user is really authorized -> so you get the accessToken from the facebook plugin and send it to the server -> the server uses this access token to get user data or status.

There is a very ugly way of handling it: you write an endpoint -> this endpoint is opened in the in-app browser -> the backend redirects to facebook -> after success or failure facebook redirects back to an endpoint, where you can handle the error or success case, and then your backend redirects the user to a success or failure page.

In the app you can wait for the fail or success page -> close the InAppBrowser and handle success or error :frowning:

So I am going the way with the facebook plugin and the accessToken.
If your backend runs on https and you do not store the accessTokens ^^ to crawl userdata :wink:
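
Added example, not part of the thread: one way a backend can check the accessToken the app sends before creating its own session, using the Graph API `debug_token` inspection call. `APP_ID`, `APP_SECRET`, the injected `fetchJson` helper and the sample responses are constructed placeholders, and the backend language is an assumption.

```javascript
// Server-side check of a Facebook user access token received from the app.
// APP_ID / APP_SECRET are placeholders; sample responses below are constructed.
const APP_ID = "1234567890";
const APP_SECRET = "app-secret-placeholder";

// URL of the token inspection call. Sent over HTTPS from the server only,
// because the app access token (app_id|app_secret) contains the app secret.
function debugTokenUrl(userToken) {
  const q = new URLSearchParams({
    input_token: userToken,
    access_token: `${APP_ID}|${APP_SECRET}`,
  });
  return `https://graph.facebook.com/debug_token?${q}`;
}

// Decide whether the inspection response proves who the caller is.
// Returns { ok, userId } or { ok: false, reason }. nowSec is injectable for tests.
function checkDebugToken(body, claimedUserId, nowSec = Math.floor(Date.now() / 1000)) {
  const d = body && body.data;
  if (!d || d.is_valid !== true) return { ok: false, reason: "token invalid" };
  // A token issued to some other app must not log anyone in here.
  if (String(d.app_id) !== APP_ID) return { ok: false, reason: "wrong app" };
  if (d.type !== "USER") return { ok: false, reason: "not a user token" };
  // expires_at of 0 is treated as non-expiring (assumption); missing fails closed.
  if (d.expires_at !== 0 && !(d.expires_at > nowSec)) return { ok: false, reason: "expired" };
  // The user id comes from Facebook's answer, never from the client alone.
  if (String(d.user_id) !== String(claimedUserId)) return { ok: false, reason: "user mismatch" };
  return { ok: true, userId: String(d.user_id) };
}

// Login flow: fetchJson (hypothetical helper) is injected so this runs offline.
async function login(fetchJson, userToken, claimedUserId, nowSec) {
  const body = await fetchJson(debugTokenUrl(userToken));
  const res = checkDebugToken(body, claimedUserId, nowSec);
  // On success the server creates its own session; the Facebook token is not stored.
  return res.ok ? { session: { userId: res.userId } } : { error: res.reason };
}

// Constructed sample responses in the shape debug_token returns.
const SAMPLE_OK = { data: { app_id: APP_ID, type: "USER", is_valid: true, expires_at: 2000, user_id: "42" } };
const SAMPLE_OTHER_APP = { data: { ...SAMPLE_OK.data, app_id: "999" } };
```

The "wrong app" check is the one most often skipped: a valid token obtained by any other Facebook app would otherwise be accepted as a login.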