Backendless Support
 
Answered

user authentication on multiple platforms

I have an iOS app and a Javascript based web app.

If a backendless user logs in successfully to the IOS app I would like them to be able to go to a WKwebview of the web app within the iOS app and 'somehow' the web app would recognise that the user is already authenticated from the IOS app and not need to be reauthenticated on the web app.

I have a couple of ways I have thought about doing this...

1. I could use something like Auth0 for this, but that will cost extra and mean I have to keep the user information somewhere outside of backendless.

2. I could pass the username and password for the user from the IOS app to the webview via some sort of javascript injection and https and then silently authenticate the user again on the web app. This doesn't strike me as a particular elegant or secure solution though.

Is there a better backendless solution which will allow a single sign on to both apps ? How could the web app recognise the user has already been authenticated?

I hope this question kind of makes sense? It must be a common scenario and maybe I am missing something.

Mike

Leave a Comment

Comments (8)

photo
2

Hi Mike,

This doesn't actually sound like a common scenario - I can't seem to remember any application which would pass the user's "logged in state" between environments.

The only option I can advice is to retrieve a user-token after the login in the iOS app and somehow pass it to the WKwebview to set it there: this way the requests from WKwebview will be issued as if the user has been logged in. Since you say that this WKwebview is inside the same iOS app, I guess there may be some way to share the variable in memory either natively or using some kind of in-memory database. Although, I'd say that storing a user-token in the database may be considered insecure.

photo
1

Hi Sergey,

Yes correct I don't know why I said it was a common scenario as its the first time I have wanted to do this. I think I was being hopeful that someone had come across this before and got a solution / work around.

OK I quite like that user-token idea though. I will try that...

Many thanks,

Mike

photo
1

Hi Sergey

I have got the user-token from after the login in the iOS app. I used user.getToken() - is that right way?

And I can pass this token into a javascript function of the app via the WKwebview so that it is ready to be used by the web app, but I am not quite sure how to use it. How can I use this token in the web app to create the effect that the user has been logged in?

Mike

photo
1

From JS SDK you should be able to use the following to set the user-token:

  1. Backendless.LocalCache.set('user-token', token)

photo
1

Hi, I've moved on a bit, but stuck again - forgive me if I am doing something so obviously stupid, but its Friday afternoon afterall!

//So I set the LocalCache

Backendless.LocalCache.set('user-token', 'xxxx-xxx-xx');

//I now want to get this backendless user as a normal backendless user as if they have just logged in, but of course they haven't

//So I tried this, but it returns null

Backendless.UserService.getCurrentUser()

.then( function( currentUser ) {

console.log(currentUser);

//null

})

.catch( function ( error ) {

console.log("error getting current user");

});

how can i get user after setting the LocalCache?

Many thanks,

Mike

photo
1

Hi Mike

according to the JS-SDK sources you need to add a few lines for get it working

https://github.com/Backendless/JS-SDK/blob/master/src/users/current-user.js#L29

  1. Backendless.LocalCache.set('stayLoggedIn', true);

    Backendless.LocalCache.set('current-user-id', 'USER_OBJECT_ID');

    Backendless.LocalCache.set('user-token', 'USER_TOKEN');

  2. Backendless.UserService.getCurrentUser().then(...)

Regards, Vlad

photo
1

Thanks Vladimir, Looking forward to giving this a go on Monday. Will update if I can't get it working then. Cheers.

photo
1

Worked like a charm, thanks Vladimir.

photo