Mobile development
Webber, 2020-04-12 19:16:42

How to make authentication in a mobile application through social networks?

There is an application for iOS and Android. The application has points.
You need to do authentication through Facebook and Google, and if the user is logged in, then the points should be synchronized across different devices.

The scheme is something like this:
1. When you log in via Facebook or Google, an access token is returned.
2. After a successful login, the client sends a request to the backend (device id, access token, provider (social network)).
3. The backend looks to see if there is already such a user; if not, it creates one and returns a uuid (its own).
4. The client saves the uuid for itself and next sends the uuid to the server.
When logged out, the uuid on the client is deleted.
When logging in through another social network, it is replaced.

Is the logic correct?
What is returned to the client after logging in through the social network? Do I need to store on the server the access token that will be returned?
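
The scheme in the question, sketched from the backend's side as an added example (not code from any of the posts): it checks that the social token was issued to this app and has not expired, maps the provider's user id to its own uuid, and hands the client a random session token instead of treating the uuid as a credential. The `Backend` class, `verify_with_provider`, the `sub`/`aud`/`exp` field names it returns, the app IDs and the sample tokens are all assumptions constructed for illustration.

```python
import secrets, time, uuid

# Constructed placeholders: the client/app IDs registered for *our* mobile app.
OUR_APP_IDS = {"google": "our-google-client-id", "facebook": "our-facebook-app-id"}

class AuthError(Exception):
    pass

class Backend:
    def __init__(self, verify_with_provider, now=time.time):
        # verify_with_provider(provider, token) is hypothetical: it asks the
        # provider about the token and returns {"sub", "aud", "exp"} or None.
        self.verify, self.now = verify_with_provider, now
        self.users = {}     # (provider, provider user id) -> our own uuid
        self.sessions = {}  # opaque session token -> (uuid, device id)

    def login(self, provider, token, device_id):
        if provider not in OUR_APP_IDS:
            raise AuthError("unknown provider")
        claims = self.verify(provider, token)
        if claims is None:
            raise AuthError("provider rejected the token")
        if claims["aud"] != OUR_APP_IDS[provider]:
            raise AuthError("token was issued to a different app")
        if claims["exp"] <= self.now():
            raise AuthError("token expired")
        # Step 3 of the scheme: find or create the user, keyed per provider.
        user_id = self.users.setdefault((provider, claims["sub"]), str(uuid.uuid4()))
        # The uuid is an identifier, not a secret: later requests authenticate
        # with a random session token; the provider token is not stored.
        session = secrets.token_urlsafe(32)
        self.sessions[session] = (user_id, device_id)
        return user_id, session

    def user_for(self, session):
        if session not in self.sessions:
            raise AuthError("not logged in")
        return self.sessions[session][0]

    def logout(self, session):
        self.sessions.pop(session, None)

# Constructed sample tokens standing in for real provider responses.
SAMPLE = {
    "tok-phone": {"sub": "g-1001", "aud": "our-google-client-id", "exp": 2_000_000_000},
    "tok-tablet": {"sub": "g-1001", "aud": "our-google-client-id", "exp": 2_000_000_000},
    "tok-other-app": {"sub": "g-1001", "aud": "someone-elses-app", "exp": 2_000_000_000},
}

def fake_verify(provider, token):
    return SAMPLE.get(token)
```

With `Backend(fake_verify)`, logging in from two devices with the same social account yields the same uuid and two independent sessions, so points keyed on the uuid stay in sync and logging out of one device does not affect the other.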


2 answer(s)
Robur, 2020-04-12
@Robur

It is not clear why you need to make your own uuid if you can see "is there such a user" without it. Always send the access_token from the client; this is the easiest. Unless you need to keep the session on the client even if he logged out from the social network and lost the access_token.

What is returned to the client after logging in through the social network?

The most common option is to request the user's email and then work with it.
Do I need to store on the server the access token that will be returned?

no
you can do uuid and

Sergey Shvyrev, 2020-04-12
@CellycoMobiles

Let's simplify the task.
So you need to authorize the user through social networks.
The ideal would be to use an OIDC or SAML provider to approximate user authorization. This will reduce development time.
Such providers support the maximum number of commonly used social networks (I'm not sure if Gmail and GitHub can be considered social networks, but that's ... a subjective opinion), but differ in implementation.
All you need to do is choose one of these providers at the R&D stage.
Further, subjectively:
For "non-Russian" fintech projects, I recommend AWS Cognito. Out of the box, it meets several PCI DSS points at a very humane cost per MAU.
I highly recommend Google services. They merge the audience and everything to RTB networks and muzzlebook. But if the audience is not important, take it. Easier to connect.
P.S. If you have additional questions, there is my cart in the profile. Write and I will answer.
