Authenticating my Ionic app against Spring Boot REST API

Greetings!

Question must be very typical, but I can’t really find a good comparison.

I’m new to Ionic & mobile dev.
We have a REST API (Spring Boot).
API is currently used by AngularJS 1.5 front-end only.
AngularJS app is authenticated based on the standard session-based authentication.

What should I use to authenticate an Ionic 3 app?
As I understand, I have 2 options:

  1. Use the same auth as for the Angular front-end.
  2. Implement OAuth2 on the back-end and use the token for the Ionic app.

As for now I understand that implementing OAuth2 at the back-end is the way to go, because with option #1 I should store the username & password in the local storage (Ionic app), which is not safe. Otherwise, if I don’t do that, the user will have to authenticate each time the app is launched. Am I right?

So, that leaves me option #2 - store the OAuth2 token on the device?

Yes.

But of course: if you are currently using the session-based mechanism and backend development is a bottleneck, maybe start the Ionic app with that and add OAuth later - it won’t make the security worse for now, as you already have this in production with AngularJS.

Thanks!

What we have in production with Angular isn’t completely the same - the front-end doesn’t store user:pass and the user simply logs in again once the session has expired.
However, as I understood, mobile apps usually do not require a re-login once launched again -> this data must be stored on the device.

What do you recommend for storing the user:pass / token? https://ionicframework.com/docs/storage/ ?

Ok, then I correct myself: DO NOT store the user:pass on the device. As long as you have no OAuth, just make them log in with each usage of the app. This will enable you to start developing while you wait for OAuth or any other token-based login to be implemented.
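
The following is an added example, not code posted by anyone in this thread: a sketch of the token approach discussed above, where only the token and its expiry are persisted, the password is never written to the device, and an expired or corrupted entry forces a new login. `KeyValueStore`, `SessionStore` and `MemoryStore` are hypothetical names; `KeyValueStore` is a synchronous stand-in for whatever on-device storage the app uses, and the token response shape is assumed to follow the usual OAuth2 fields.

```typescript
// Added example. KeyValueStore, SessionStore and MemoryStore are hypothetical names.
interface KeyValueStore {
  get(key: string): string | null;
  set(key: string, value: string): void;
  remove(key: string): void;
}
// Shape of an OAuth2 token response (expires_in is in seconds).
interface TokenResponse { access_token: string; expires_in: number; }
type RequestToken = (username: string, password: string) => TokenResponse;

const SESSION_KEY = "session";

class SessionStore {
  private store: KeyValueStore;
  private now: () => number;
  constructor(store: KeyValueStore, now: () => number = () => Date.now()) {
    this.store = store;
    this.now = now;
  }
  // The password is handed to the token request once and never written to the store.
  login(username: string, password: string, requestToken: RequestToken): void {
    const res = requestToken(username, password);
    const expiresAt = this.now() + res.expires_in * 1000;
    this.store.set(SESSION_KEY, JSON.stringify({ token: res.access_token, expiresAt }));
  }
  // Call on app launch: returns a usable token, or null when the user must log in again.
  restore(): string | null {
    const raw = this.store.get(SESSION_KEY);
    let parsed: any = null;
    try { parsed = raw === null ? null : JSON.parse(raw); } catch (e) { /* corrupted entry */ }
    const valid = parsed !== null && typeof parsed === "object" &&
      typeof parsed.token === "string" &&
      typeof parsed.expiresAt === "number" && parsed.expiresAt > this.now();
    if (!valid) { this.logout(); return null; }
    return parsed.token;
  }
  logout(): void { this.store.remove(SESSION_KEY); }
}

// In-memory store standing in for on-device storage (constructed for this example).
class MemoryStore implements KeyValueStore {
  data = new Map<string, string>();
  get(key: string): string | null { const v = this.data.get(key); return v === undefined ? null : v; }
  set(key: string, value: string): void { this.data.set(key, value); }
  remove(key: string): void { this.data.delete(key); }
}
```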