
Authentication for both web application and native app

We have a web application which can be accessed through the browser. Now we are creating an Android app for the application, and they should share the same backend.

For authentication, generally the browser will (or may) save the user information in a cookie and send the cookie to the server with each HTTP(S) request; then the server will put things in the page accordingly.

Now for the Android app, I am not sure how to do it. I do not mean how to send the authentication request to the server; for that issue I can refer to this post.

What I am confused about is this: once I send the user id and password to the server and get a successful response, what about the next request? Should I bind the authenticated user information to each request to the server like the browser does, or do I just save a flag like authenticated=true|false to the preferences?

I hope someone can provide some suggestions.


Maybe I did not make myself clear enough. I will give an example.

Suppose I have a web application which has a page named "followers.jsp" which will show the followers of the currently signed-in user. Normally we will do the authentication, get the followers from the database and then pop them to the page like this:

followers.jsp:

// "session" and "request" are the implicit JSP objects
User u = (User) session.getAttribute("user");
if (u == null) {
  // not authenticated: redirect to the login page
} else {
  List followersList = getFollowers(u);
  request.setAttribute("followers", followersList);
}

Then render the jsp page directly.

Now we create an Android application for our product. When a user uses our app, he will log in and see his followers. At this point we have to create a web service which will do the authentication and return the data, and then the app will render it. The web service may look like this:

api/getFollowers.xx

User u= // here we must get something to identify a user from the request information maybe a token or something else? 
List followersList=getFollowers(u);
return toJson(followersList);

And now we find that both our "followers.jsp" page and our service do the same job (authentication, reading the db, returning the data back), so why not have both use the web service, since we can use AJAX at the "followers.jsp" page to get and render the data, which will make for a better user experience?

If so, how do we make a unified authentication mechanism for both PC and Android clients?

If the website requires authentication for each request, then you'll need to send authentication data. If it doesn't, then I don't see the point of authenticating in the first place, from the web or android, since anyone can send a request and get a response without having any credentials. If you don't want to send the password every time, you could create and send a temporary authentication token, though that would require some changes to the web service.
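The temporary authentication token suggested in the answer above, as an added example that is not part of the original question or answer: the server issues a random token after login and resolves it to a user on every request, so a browser page using AJAX and the Android app authenticate the same way. The class and method names, the Bearer header format and the 30-minute lifetime are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added example: TokenAuth, issue and resolve are hypothetical names, not from the page.
public class TokenAuth {
    private record Entry(String userId, Instant expires) {}

    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(30); // assumed token lifetime
    // Keyed by SHA-256 of the token, so a dump of this map does not yield usable tokens.
    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();

    private static String sha256(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    // Call once, after the login endpoint has verified the user id and password.
    public String issue(String userId) throws Exception {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, not guessable
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(sha256(token), new Entry(userId, Instant.now().plus(TTL)));
        return token;
    }

    // Call on every request with the raw "Authorization" header value.
    public Optional<String> resolve(String authorizationHeader) throws Exception {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) return Optional.empty();
        String key = sha256(authorizationHeader.substring(7).trim());
        Entry e = sessions.get(key);
        if (e == null) return Optional.empty();
        if (Instant.now().isAfter(e.expires())) { sessions.remove(key); return Optional.empty(); }
        return Optional.of(e.userId());
    }

    public static void main(String[] args) throws Exception {
        TokenAuth auth = new TokenAuth();
        String token = auth.issue("alice");                      // constructed user id
        System.out.println(auth.resolve("Bearer " + token));     // sent by the app or the AJAX page
        System.out.println(auth.resolve("Bearer forged-token")); // unknown token
        System.out.println(auth.resolve(null));                  // missing header
    }
}
```

A client-side flag such as authenticated=true never reaches this check; the server decides on each request from the token alone, and the token should only travel over HTTPS.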
