How to retrieve Logged In User's Credentials from device

I have a login page in my Ionic App. The current behavior of the app is as below:

  1. After downloading the app, User launches it.
  2. The app shows Login Options (buttons) page (right now, I only have Microsoft (Active Directory)).
  3. Tapping any of the options, the app asks for login credentials (email and password).
  4. The app authenticates these credentials against the server/corresponding vendors.
  5. Upon successful authentication, the user is taken to Home Page of the app.

Now the important part, for all the subsequent launches, when the user taps on the ‘Microsoft’ (again, this is the only option I have right now) button it doesn’t ask for credentials (emails ID and password). Instead it takes the User to Home Page directly.

So, I am sure the user credentials and/or its corresponding token or something similar is being maintained in the device somewhere.

How do I access this information programmatically?

What I am trying to achieve is: If the user credentials/token already exist on the device then don’t even shot the Login Options Page. Take the user to the Home Page directly after the app is launched.

Any ideas/pointers/suggestions on how this can be done.

Thank you!

Hi!! maybe you could store the session information in the app preferences or in a SQLIite DB.
Ionic native has both plugins:
App Preferences
SQLite

Hope that helps :slight_smile:

How did you implement this? The solution to your problem depends on this.

@krlozadan - thanks for your kind reply, appreciated! I will look into them. :+1:

@Sujan12

I am using Microsoft Azure Active Directory (AAD). So using their library I make a call (it’s a Promise) which opens up a Microsoft login page (not implemented by me) where I/user can enter their AAD email and password. And upon Submit on this page the user gets authenticated against the AAD.

If authentication is successful (i.e. the Promise call is successful) then in the success/resolve part of my Promise’s .then() I set my home page as root page.

Hope this helps you suggest me a solution.

Thanks.

Can you provide a link to the docs?

In general you would expect to get “something” back from that promise that could be used to understand if the user is logged in. As long as this thing is “valid” (it exists, or returns valid if run through some kind of isValid()) you should expect the login to still be working.

Do you interact with the library on HomePage and after again or is this really just a check to show HomePage or not? Does it later use some API calls or anyting?

@Sujan12

Yes, it does return JWT token (access_token).

Here, I assume, you mean the access_token. I think that’s what I am trying to find out.
That is, upon successful login/authentication, where is this access_token stored on the device? In other words, how do I get hold of this access_token in my code so that I can make that “validity” call myself?

The Microsoft library I am using for authentication is cordova-plugin-ms-adal. Here are the a couple of doc links:

If the promise returns it, why not just store it in local storage with e.g. Ionic Storage? Then you can just get it when your app starts and set the rootPage to show accordingly (after checking if the token is still valid). (Of course you then also have to give that token to the library somehow, so the internal calls of the library uses the same token you have in storage)

@Sujan12 - Right. I can implement that. However, at this point in time, I do not have a local/Ionic Storage implemented and more importantly, since the device is keeping it somewhere why not use it directly from there and not duplicate it as it will add up other maintenance as you mentioned.

I mean, I will do it if that’s the industry standard (best practices) for implementing such things. But would prefer to just use it from wherever the device is storing it.

Thanks, I appreciate your patience.

Makes sense, although I am not sure this is actually possible.

You will have to look into the provided methods of the library/plugin. It might very well be that the login happens on each login attempt by using a cookie that is available in the webview or something like that - you will have to investigate. If there is a “getCurrentToken” method, of course use that instead of handling stuff manually.

(Also very difficult for us to help here as we don’t have an actual app to play with - so if you don’T find anything yourself you will probably have to create a repro as Github project we can look at)

Okay @Sujan12, will try to find out is there is a way using the library.

My apologies, I don’t think I can put the app (or some version of it) on GitHub to be shared. I understand that will limit you guys to help suggest more appropriate solution.

Thanks again for your kind help, very much appreciated!

ionic start blank blank and then copy over the relevant bits with the library :wink:

Yeah, will do it if nothing else works. :slight_smile:

Thanks!

1 Like

It appears everybody uses some kind of storage for this purpose and not go after wherever the device is maintaining user’s credential information.

Do you guys know what is the preferred way to implement storage? Is it SQLite or App Preferences?

I read somewhere that if we install SQLite and code our app using ionic-storage, it will internally use the installed SQLite. Is it true and is it recommended?

Would appreciate if you could please give some insights.

Maybe, I will put a separate port in the forum asking the same.
Thanks.

I’m using MS adal plugins for my Ionic3 project and its validate user from azure. My question is, if I login the app after the sso validation and I change the password from a web browser, then how the plugin validate my credentials again? I’m using the code like if(authContext.tokenCache) acquireTokenSilentAsync… else {acquireTokenAsync}… is this the right way?