Authentication and session management in React applications

I looked at user authentication solutions in React-based applications. I came across things like Firebase and JSON, but I cannot find an example of session management between the server and the client device.

For the React / server relationship, the bit that I am missing is the server-side part, which is the equivalent of the $_SESSION variable in PHP, which can be used to store a unique user ID.

    => Client token sent with each data request.
    => Request Checks token and sends data back for that specific user/token pair

I am looking for some example code showing how this would be managed on the server side, and for any tools / implementations that you would suggest using.

I'm not currently looking to implement OAuth2; rather, I want to create my own login system so that I can correctly understand how the application works.

+5
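The token flow described in the question, sketched on the server side as an added example (not code from the question or the answer). The in-memory Map plays the role of PHP's $_SESSION; the function names, the 30-minute lifetime, the `Authorization: Bearer` header and the sample user record are assumptions made for illustration.

```javascript
// Added example: server-side session store (Node.js, built-in crypto only).
const crypto = require('crypto');

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed 30-minute session lifetime
const sessions = new Map(); // sha256(token) -> { userId, expiresAt }

// Constructed sample data; a real server would query its user database.
const USER_DATA = { 42: { name: 'alice', notes: ['buy milk'] } };

// Store only a hash so a leaked session table does not yield usable tokens.
const hashToken = (token) =>
  crypto.createHash('sha256').update(token).digest('hex');

// Call after the password check succeeds; the token goes back to the client.
function createSession(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex'); // 256-bit opaque id
  sessions.set(hashToken(token), { userId, expiresAt: now + SESSION_TTL_MS });
  return token;
}

// Resolve a presented token to a user id, or null if unknown or expired.
function resolveSession(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const key = hashToken(token);
  const session = sessions.get(key);
  if (!session) return null;
  if (session.expiresAt <= now) {
    sessions.delete(key); // drop expired entries on access
    return null;
  }
  return session.userId;
}

// Logout: the token stops working immediately.
function destroySession(token) {
  return typeof token === 'string' && sessions.delete(hashToken(token));
}

// Request handler core: the user id comes from the session, never the client.
function handleDataRequest(headers, now = Date.now()) {
  const match = /^Bearer ([0-9a-f]{64})$/.exec(headers.authorization || '');
  const userId = match ? resolveSession(match[1], now) : null;
  if (userId === null) return { status: 401, body: { error: 'invalid session' } };
  return { status: 200, body: USER_DATA[userId] };
}
```

In production the Map would be replaced by a shared store such as a database table or cache so that sessions survive restarts and work across several server instances.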
1 answer

A note about OAuth 2.0:

I strongly recommend the OAuth 2.0 protocol when working with mobile applications, especially because of the Token Refresh architecture, which helps me keep my user authenticated for a long time without compromising on my own security.

In addition, it is a protocol used by major social SDKs: Google, Facebook, Twitter and Slack. The best part: you can use ready-made solutions on your server side, for example, OAuth 2.0 server for PHP and OAuth 2.0 server for NodeJS.

Saving data safely in React Native

Going back to the React Native side, if you have your own set of credentials (JWT or OAuth 2.0), you should keep them safe. There is no direct way to do this using only the framework, but there is a large package called react-native-keychain that deals with it on both the iOS and Android platforms.

Add it to your project.

    # Using Yarn
    yarn add react-native-keychain

    # Or using NPM
    npm install --save react-native-keychain

Then just use it where your user authenticates.

    import * as Keychain from 'react-native-keychain';

    // When you have the JWT credentials (`token` is the JWT returned by your server)
    Keychain
      .setGenericPassword("JWT", token)
      .then(function() {
        console.log('Credentials saved successfully!');
      });

    // When you need to get it from safe storage
    Keychain
      .getGenericPassword()
      .then(function(credentials) {
        // Resolves to false when nothing has been stored yet
        if (!credentials) {
          console.log('No credentials stored');
          return;
        }
        // Log the username only; credentials.password holds the token itself
        console.log('Credentials successfully loaded for user: ' + credentials.username);
      }).catch(function(error) {
        console.log('Keychain couldn\'t be accessed! Maybe no value set?', error);
      });
+4

Source: https://habr.com/ru/post/1273532/