JSON Web Token
Artem Nanavov, 2020-12-30 17:29:10

How to develop authorization logic correctly?

The server is written in Node.js + Express.

There is an auth router; it has login + registration.

If registration/login is successful, the server sends a cookie containing a refresh_token.

My confusion begins when the login and registration may come from a mobile application: the server then returns a cookie with a refresh_token, but there are no cookies in mobile applications, so it will not be able to get the refresh_token in any way (as I understand it).

So, do I need to write a new registration/login for a mobile application or not?
How do I properly organize the authorization logic for browser and mobile applications?

And if possible, describe how registration/login occurs in practice in mobile applications (how they get a token, where they hide it, etc.)


1 answer(s)
Ivan Kulakov, 2020-12-30
@ivankprod

In the mobile application, grab the cookie from the server and store it encoded in reliable storage, or have the server return the token itself directly instead of the cookie, and hide it in the same way.
UPD: In principle, cookie emulation on mobile phones is a simple matter; many do it.
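
An added example, not part of the answer above: a sketch of the second option, where one login/registration handler serves both client types and only the delivery of the refresh_token differs. The `x-client-type` header, the function names and the in-memory store are assumptions made for illustration; the helpers take plain request-like objects, so they run without Express.

```javascript
const nodeCrypto = require('node:crypto');

// Server-side store keyed by the SHA-256 of the token, so a leaked store
// does not expose usable refresh tokens. In-memory Map is an assumption.
const sessions = new Map();
const REFRESH_TTL_MS = 30 * 24 * 60 * 60 * 1000; // constructed value: 30 days

const hashToken = (t) => nodeCrypto.createHash('sha256').update(t).digest('hex');

function issueRefreshToken(userId, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString('base64url');
  sessions.set(hashToken(token), { userId, expires: now + REFRESH_TTL_MS });
  return token;
}

// Hypothetical convention: mobile clients send "X-Client-Type: mobile".
const isMobile = (req) => req.headers['x-client-type'] === 'mobile';

// Called after credentials were verified by the login or registration route.
function buildLoginResponse(userId, req) {
  const token = issueRefreshToken(userId);
  if (isMobile(req)) {
    // Mobile: token in the JSON body; the app keeps it in the platform's
    // secure storage (Keychain / Keystore) and sends it back explicitly.
    return { headers: {}, body: { refresh_token: token } };
  }
  // Browser: token never reaches page scripts (HttpOnly) and is only sent
  // to the auth routes (Path=/auth).
  const cookie = `refresh_token=${token}; HttpOnly; Secure; SameSite=Strict; ` +
    `Path=/auth; Max-Age=${REFRESH_TTL_MS / 1000}`;
  return { headers: { 'Set-Cookie': cookie }, body: {} };
}

// The refresh route accepts the token from either channel.
function readRefreshToken(req) {
  const m = /(?:^|;\s*)refresh_token=([^;]+)/.exec(req.headers.cookie || '');
  if (m) return m[1];
  const fromBody = req.body && req.body.refresh_token;
  return typeof fromBody === 'string' ? fromBody : null;
}

// Returns the user id for a valid, unexpired token, otherwise null.
function verifyRefresh(req, now = Date.now()) {
  const token = readRefreshToken(req);
  const entry = token && sessions.get(hashToken(token));
  if (!entry || entry.expires < now) return null;
  return entry.userId;
}
```

In an Express router these helpers would sit behind the existing login and registration routes, so no second set of routes is needed for the mobile application.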
