VocaDB-App icon indicating copy to clipboard operation
VocaDB-App copied to clipboard
verified publisher icon VocaDB

User account and authentication features

Open up2code opened this issue 10 years ago • 1 comments

I never working on about authentication directly by myself. Especially about from mobile to backend server. So I need to do some research for make sure not just its work, But must secure too.

up2code avatar Aug 10 '15 00:08 up2code

I think it would be enough if you ask username/password, get authentication cookie and use that to access user data.

  1. Request username + password from user.
  2. POST https://vocadb.net/User/Login (username + password in body). No need to save username + password.
  3. Save cookie named .ASPXFORMSAUTH from result.
  4. Pass that cookie to all requests to website.
  5. Should now be able to access user data.

No need for fancy schmancy Google/Twitter integration at this point. This should be secure enough because the authentication token expires eventually and password is not saved on device.

riipah avatar Nov 04 '19 04:11 riipah