How can I authenticate my app with my backend server?

I have an app that performs OAuth with Google and Salesforce from the web. It needs to have the refresh tokens on the web server because it pre-fetched and computes business logic. However, I am now building an Ionic app (awesome experience!) which I want to be able to talk to the App Engine server on the backend. On the web, this happens over a “Sign In” button which redirects and authenticates with Google, and from there on out we use sessions to talk to the server.
What is the corresponding flow in Ionic? I ask because as far as mobile experience is concerned, for most apps I just have to log in for the first time when I install the app. The credentials need to be stored on the server, but I take care of that by using InAppBrowser plugin and call the same API that the desktop browser would call:

My question is, after that, how can I establish a permanent link between the Ionic app and the backend server? (Sessions, Google Cloud endpoints etc.)


Without knowing the specifics of the app, I could suggest possible storing the tokens in local storage.

Hey, thanks for the answer. From what I could make out, there are 2 methods, the cookie route and the token route. Since my web server uses the cookie route, I use the same in my Ionic app. So I basically hit the web server endpoint like:

var ref ='', '_blank', 'location=yes');
      ref.addEventListener('loadstart', function(event) { 
          if((event.url).indexOf("") > -1) {
              // requestToken = (event.url).split("code=")[1];
              .success(function(data) {
                  // alert(JSON.stringify(data["authenticated"]));
                  $scope.authenticated = data["authenticated"];
              .error(function(error) {

But I am not finding anything in My question is, once my web server authenticates the user using Google, how can I get the session key from the cookie, and then use that in subsequent requests to make authenticated calls with the server? window.sessionStorage was not returning anything.


So, just to close out this post in case someone new runs into the same issue, I went the JWT token route. Here, whatever session-cookie mechanism happens in normal webflow is similar, except that the JWT token is being signed by the server using a secret key known only to the server, and then being passed in the HTTP payload (as opposed to the HTTP header in the cookies). There are multiple advantages as listed in

Also, the videos mentioned in this related answer were really helpful in getting JWT set up on the server and client:

Sessions or Cookies AngularJs PhoneGap