7

I already have CRUD web application which is build using Codeigniter PHP framework and Ion Auth authentication library (for Codeigniter). So users needs to log-in to use the site etc.

Now Im building small mobile app using Phonegap & jQuery mobile which uses this same backend. There is "REST like" api in backend which handles all ajax requests from mobile client.

How should I handle user authentication for this mobile app? I want to use as much as possible existing backend codebase.

Im planning something like this:

  • From client send username & pass to server
  • Return session id back to client from server
  • Store session id to client (local store)
  • Send that token in each requests to server and validate it in serverside.

How to do this in backend side? For login, I can use Codeigniter Ion Auth library login methods and get Codeigniter (PHP) session id. In second request when user send some actual data together with sessoin id, how to validate the session id? Or is it better idea to build completely new login functionality for mobile app authentication than try to use existing functionality (Codeignitre Ion Auth library)?

All ideas and suggestions are more than welcome!

devha
  • 3,307
  • 4
  • 28
  • 52

2 Answers2

1

I think the best solution is just to put a middleware between your controllers and the request.

You can do that with the Hooks : http://ellislab.com/codeigniter/user-guide/general/hooks.html

Use the pre controller hook.

For managing easily API requests, play with the HTTP code

  • 404 : Not found item (like /client/:id)
  • 500 : The server has a problem
  • 401 : There is no token
  • 403 : This token is not authorized to access this resource (like a simple user who wants to access admin stuffs)

You have all the codes here : http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Avoid to use a complex library when you can do it easier. The hooks is the best for me.

I use NodeJS and the concept is the same with Express middlewares.

Yacine Rezgui
  • 1,771
  • 1
  • 18
  • 15
0

I have developed same kind of application for mobile using phonegap and jQuery Mobile and have used MySQL db for back-end of my website which is in node js platform but the overall idea of using API to access all the functionality is same.

API call to server for login and all the others operations like fetch data, send data to server etc..

If you have API ready on your server side then its done you need to just call that APIs to do everything. First you can call the login function of API and passed the username and password if successful then return success token with user_id that you can store in your local mobile DB. I have used SQLite for mobile storage.

then on every other request I used that token for authentication and perform operation on server.

you can also add the auto login functionality in my app so no need to login every time.

Naresh Ramoliya
  • 770
  • 2
  • 8
  • 25