Ionic authentication for login with angularjs

Question

As ionic uses angularjs, for login system there isn't any browser to save cookie or session in order to authenticate for each part of application. One way is protecting by using this in app.js :

$urlRouterProvider.otherwise('/login');

Because any one doesn't access to other links into application. When returned answer from server (mysql database) is true , we can use this:

$state.go('app.main');

Is this a good idea? Or any other ways?

Answer 1

Since ionic essentially calls to a back end api, you can implement any standard api authentication mechanism.

The most common was would be have a toke based authentication, High level workflow can be as follows

1 - ionic app calls a backend server end point and get a token (by passing some kind of an encrypted key)

2 - Back end server generates a token (ideal for a given time period) and sends back to the ionic app.

3 - There after, in every request ionic sends the token. (ideally in the request header)

To save the token temporary , you can use a simple storage solutions like ng-storage or sqlite

have a read here

Answer 2

For our company app we use a digest access authentication( https://en.wikipedia.org/wiki/Digest_access_authentication ) with our ionic app and our node server that is hooked up to a sql database. Once the user is authenticated we send them a jwt (javascript web token). We can then store that webtoken locally (if they check the option for auto login) or they can re-authenticate whenever the app is reopened and we give them another web token. This has so far proven to be a safe and efficient method of user authentication. Here is a tutorial for using json web tokens and angular. http://www.toptal.com/web/cookie-free-authentication-with-json-web-tokens-an-example-in-laravel-and-angularjs

Answer 3

I would strongly encourage you to checkout John Papa's ng-demoes , especially one with J WT token , because that is what you want to use nowadays. (Those are not specific to ionic, but rather for angular.js apps in general)

basically you have several things you need to do:

• handle all the places where you need to check if user is authenticated or not and emit unauthorized event

• handle event and redirect to login state/route

In above example you basically add interceptor ( https://github.com/johnpapa/ng-demos/blob/master/ng-jwt/src/client/app/services/authInterceptor.js ) which looks if any request to the web services failed due to not authorized and rejects the promise returned by $http request

Also

As ionic uses angularjs, for login system there isn't any browser to save cookie or session in order to authenticate for each part of application.

You indeed can use localStorage/sessionStorage to store token and add that token to all requests. That is why you better off having token based auth for your web services, rather than cookie based. (basic auth can do to, just more cumbersome)