I have a login page in my Ionic App. The current behavior of the app is as below:
After downloading the app, User launches it.
The app shows Login Options (buttons) page (right now, I only have Microsoft (Active Directory)).
Tapping any of the options, the app asks for login credentials (email and password).
The app authenticates these credentials against the server/corresponding vendors.
Upon successful authentication, the user is taken to Home Page of the app.
Now the important part, for all the subsequent launches, when the user taps on the âMicrosoftâ (again, this is the only option I have right now) button it doesnât ask for credentials (emails ID and password). Instead it takes the User to Home Page directly.
So, I am sure the user credentials and/or its corresponding token or something similar is being maintained in the device somewhere.
How do I access this information programmatically?
What I am trying to achieve is: If the user credentials/token already exist on the device then donât even shot the Login Options Page. Take the user to the Home Page directly after the app is launched.
Any ideas/pointers/suggestions on how this can be done.
I am using Microsoft Azure Active Directory (AAD). So using their library I make a call (itâs a Promise) which opens up a Microsoft login page (not implemented by me) where I/user can enter their AAD email and password. And upon Submit on this page the user gets authenticated against the AAD.
If authentication is successful (i.e. the Promise call is successful) then in the success/resolve part of my Promiseâs .then() I set my home page as root page.
In general you would expect to get âsomethingâ back from that promise that could be used to understand if the user is logged in. As long as this thing is âvalidâ (it exists, or returns valid if run through some kind of isValid()) you should expect the login to still be working.
Do you interact with the library on HomePage and after again or is this really just a check to show HomePage or not? Does it later use some API calls or anyting?
Here, I assume, you mean the access_token. I think thatâs what I am trying to find out.
That is, upon successful login/authentication, where is this access_token stored on the device? In other words, how do I get hold of this access_token in my code so that I can make that âvalidityâ call myself?
The Microsoft library I am using for authentication is cordova-plugin-ms-adal. Here are the a couple of doc links:
If the promise returns it, why not just store it in local storage with e.g. Ionic Storage? Then you can just get it when your app starts and set the rootPage to show accordingly (after checking if the token is still valid). (Of course you then also have to give that token to the library somehow, so the internal calls of the library uses the same token you have in storage)
@Sujan12 - Right. I can implement that. However, at this point in time, I do not have a local/Ionic Storage implemented and more importantly, since the device is keeping it somewhere why not use it directly from there and not duplicate it as it will add up other maintenance as you mentioned.
I mean, I will do it if thatâs the industry standard (best practices) for implementing such things. But would prefer to just use it from wherever the device is storing it.
Makes sense, although I am not sure this is actually possible.
You will have to look into the provided methods of the library/plugin. It might very well be that the login happens on each login attempt by using a cookie that is available in the webview or something like that - you will have to investigate. If there is a âgetCurrentTokenâ method, of course use that instead of handling stuff manually.
(Also very difficult for us to help here as we donât have an actual app to play with - so if you donâT find anything yourself you will probably have to create a repro as Github project we can look at)
Okay @Sujan12, will try to find out is there is a way using the library.
My apologies, I donât think I can put the app (or some version of it) on GitHub to be shared. I understand that will limit you guys to help suggest more appropriate solution.
Thanks again for your kind help, very much appreciated!
It appears everybody uses some kind of storage for this purpose and not go after wherever the device is maintaining userâs credential information.
Do you guys know what is the preferred way to implement storage? Is it SQLite or App Preferences?
I read somewhere that if we install SQLite and code our app using ionic-storage, it will internally use the installed SQLite. Is it true and is it recommended?
Would appreciate if you could please give some insights.
Maybe, I will put a separate port in the forum asking the same.
Thanks.
Iâm using MS adal plugins for my Ionic3 project and its validate user from azure. My question is, if I login the app after the sso validation and I change the password from a web browser, then how the plugin validate my credentials again? Iâm using the code like if(authContext.tokenCache) acquireTokenSilentAsync⌠else {acquireTokenAsync}⌠is this the right way?
