I'm sure this has to be a fairly common question, but I couldn't find much info on it.
I am building a mobile app that will not have access to any server-side languages (aka, no PHP). It will be deployed in conjunction with PhoneGap, or something similar.
My app will need to authenticate the user against my web server so that the user can access the private info / settings that the webserver has saved for them.
My question is...what is the 'best practice' approach for doing this w/ only javascript? I need to keep the user's password safe, and if using OAuth, I need to keep my consumer secret / key safe as well.
This really has to be a common issue...what approach do you guys usually take?
That's cool...what about HOW to contact / interact with the server? Do people usually just do a basic auth, or something closer to OAuth protocol , or...?
Depends on what you want. I personally think basic auth is too basic (and not secure) and OAuth is too complicated. I just submit a form or do an Ajax request and start a session on the server.
Word...on a tangent...how secure is the Ajax method? I like the simplicity, but always wondered about that. I don't have crazy private info to store, but if I'm sending a password over the wire, then it should probably be a little secure..
If over SSL and using POST it is very secure. If it is a GET request (the reason I would not suggest JSONP if doing cross origin), the URL is still sent over in plain text, and the params in a GET request are in the URL.