Authentication idea


#1

Hey people,

i’m currently building an authentication module and got a question about something,
I have setup a server with an api and want my users to authenticate to this server
but everything with angular is client side so I was troubled how to set the id without anyone being able to just change it and pretend they’re someone else.

So i thought what if when a user registers on my app I create a random string on my server, hash this string and return it to my app and store it in local storage and on my database.
This way when someone requests I just check if the local string is equal to the database string, and when a user log’s out I empty this string in my db and local storage. and when they try to log in again I just create a new one.

Is this a good idea? maybe this is the normal way to go but couldn’t find a thing on the internet for authenticating without having to pay, since this app wil probably have alot of traffic i’m not willing to pay for every connection to my server.


#2

yeah, the idea with the token is good


#3

What you’re describing seems to be an Oauth authentication process using a token.

I’m not sure to understand what you mean by “couldn’t find a thing on the internet for authenticating without having to pay, since this app wil probably have alot of traffic i’m not willing to pay for every connection to my server.”, perhaps using something like heroku to host your server side code would help. Then again I’m not sure to understand this statement.

I actually needed something like that for a few apps I’m working on. I spent quite some time investigating this and was able to achieve something I was happy with.

In addition to email/password authentication I’ve added some social authentication which kind of works in the same way.

You can download the apk and test it.

If this is what you’re looking for you can checkout both the client side code at : https://github.com/malikov/Authenticate.me-client-cordova-ionic

And the server side code at : https://github.com/malikov/Authenticate.me-Node-Server

Best of luck