Results 1 to 6 of 6

Thread: Best authentication approach using Sencha?

  1. #1
    Sencha User
    Join Date
    May 2012
    Posts
    17
    Vote Rating
    0
      0  

    Default Best authentication approach using Sencha?

    I'm sure this has to be a fairly common question, but I couldn't find much info on it.

    I am building a mobile app that will not have access to any server-side languages (aka, no PHP). It will be deployed in conjunction with PhoneGap, or something similar.

    My app will need to authenticate the user against my web server so that the user can access the private info / settings that the webserver has saved for them.

    My question is...what is the 'best practice' approach for doing this w/ only javascript? I need to keep the user's password safe, and if using OAuth, I need to keep my consumer secret / key safe as well.

    This reallly has to be a common issue...how what approach do you guys usually take?

  2. #2
    Sencha User mitchellsimoens's Avatar
    Join Date
    Mar 2007
    Location
    Gainesville, FL
    Posts
    40,029
    Vote Rating
    1368
      0  

    Default

    Save things to a cookie or localstorage.
    Mitchell Simoens @LikelyMitch
    Modus Create, Senior Frontend Engineer
    ________________
    Need any sort of Ext JS help? Modus Create is here to help!

    Check out my GitHub:
    https://github.com/mitchellsimoens

  3. #3
    Sencha User
    Join Date
    May 2012
    Posts
    17
    Vote Rating
    0
      0  

    Default

    That's cool...what about HOW to contact / interact with the server? Do people usually just do a basic auth, or something closer to OAuth protocol , or...?

  4. #4
    Sencha User mitchellsimoens's Avatar
    Join Date
    Mar 2007
    Location
    Gainesville, FL
    Posts
    40,029
    Vote Rating
    1368
      0  

    Default

    Quote Originally Posted by johnnietheblack View Post
    That's cool...what about HOW to contact / interact with the server? Do people usually just do a basic auth, or something closer to OAuth protocol , or...?
    Depends on what you want. I personally think basic auth is too basic (and not secure) and OAuth is too complicated. I just submit a form or do an Ajax request and start a session on the server.
    Mitchell Simoens @LikelyMitch
    Modus Create, Senior Frontend Engineer
    ________________
    Need any sort of Ext JS help? Modus Create is here to help!

    Check out my GitHub:
    https://github.com/mitchellsimoens

  5. #5
    Sencha User
    Join Date
    May 2012
    Posts
    17
    Vote Rating
    0
      0  

    Default

    Word...on a tangent...how secure is the Ajax method? I like the simplicity, but always wondered about that. I don't have crazy private info to store, but if I'm sending a password over the wire, then it should probably be a little secure..

  6. #6
    Sencha User mitchellsimoens's Avatar
    Join Date
    Mar 2007
    Location
    Gainesville, FL
    Posts
    40,029
    Vote Rating
    1368
      1  

    Default

    If over SSL and using POST it is very secure. If it is a GET request (reason I would not suggest JSONP if doing cross origin) is that the url is still sent over in plain text and params in a GET request are in the url.
    Mitchell Simoens @LikelyMitch
    Modus Create, Senior Frontend Engineer
    ________________
    Need any sort of Ext JS help? Modus Create is here to help!

    Check out my GitHub:
    https://github.com/mitchellsimoens

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •