Security with Ionic 2

richardmarais · July 16, 2016, 11:07am

Can anyone suggest some reference material to figure out how to make a secure connection between client and server please?

I am building an app where you need to login to see your info. I have a JSON transport between client and server. I don’t want anyone to be able to just call the JSON services.

i.e. If a user logs in, then they have a key that allows access to the secure service matching their key only.

e.g. UserId: 1 -> JSON -> returns userId 1’s data
UserId: 2 -> JSON -> cannot return userId 1’s data

Architecture
Ionic 2 --> JSON --> Spring RESTful Service Java —> Hibernate --> MySQL

Thanks

DidelotK · July 16, 2016, 11:11am

Hi, you need to create an jwt authentication, you can manage it will this tuto https://www.youtube.com/watch?v=f1xRKjEdU5E5. You can also do it with Firebase http://www.clearlyinnovative.com/integrating-firebase-with-angularfire2-into-angularjs-ionic2

richardmarais · July 16, 2016, 11:12am

Thanks. This looks like what I am looking for.

itlr · July 16, 2016, 11:17am

Isn’t that the purpose of authentication? That the API requires some sort of secret provided by the client or user in order to grant him access? As long as the transportation is encrypted with HTTPS so no one in the middle can figure out the resulted key, your API should be secure. If the client itself is breached there is nothing you could do really.