0

I had just finished the login process in Ionic 3 with the native facebook login plugin. Everything seems to work fine.
I get my facebook data and store them with the storage plugin.

Here starts the weird part for me.

I want the next time the user opens the app to be able to pass the authenticate phase automatically and i am not sure which is the proper solution.

Solution 1
When the user login for the first time a store the data so the next time he opens the app in the app.component.ts i check if the data i stored(ex userId) exists.

storage.get('userID').then((val) => {
   this.isLoggedIn = true;
   this.setRoot(MainPage);
});

Solution 2
I make use of the getLoginStatus function and if returns response.status === 'connected' i assume that the user was authenticated before and the data i stored exists.

Is one of them consider as a better approach?
Do you use a different solution?
Do i need the access token for some reason in this situation or this is useful for a web app only?

Manos Serifios
  • 577
  • 2
  • 7
  • 22

1 Answers1

0

I would say it depends on the security you are looking for, is your app dealing with sensitive informations ?

If no then you can simply store the userId (your solution 1) and you are good.

If you are dealing with sensitive data then you should consider to have a more secure system (as an example you have to consider that the user may loose its phone and so the user may want to cut off the access...) To secure the process with facebook a possible way to go :

  • send the access_token you get from facebook authentication to a remote server where you can check it (here a link for more info)
  • save a token to your sever corresponding to your new user (a json web token for example)
  • send back this token and save it locally
  • to every authentication check that the token is still valid server side

I recommend you to read the tutorials written by Josh Morony :

https://www.joshmorony.com/using-json-web-tokens-jwt-for-custom-authentication-in-ionic-2-part-2/

https://www.joshmorony.com/creating-role-based-authentication-with-passport-in-ionic-2-part-2/

https://www.joshmorony.com/basic-security-for-ionic-cordova-applications/

Ostn
  • 803
  • 1
  • 9
  • 27