Supabase JWTs and onAuthStateChange() - jwt

I don't understand the difference between onAuthStateChange() vs using JWTs for Supabase. My goal is to check if a user is currently logged into an app, so I don't have to present them with the login screen every time they open the app.
Which is more suited for what I want to do?

Related

Keep user signed-in always; a la native app?

I'm currently working on a PWA and noticed that the overall experience would be awesome for the users, if they do not have to sign-in every time they open the app.
I've noticed that on native mobile apps, the user stays signed in unless they decide to log out of the app.
I could think about the following approaches -
Make the session time super long; say 30 days or 180 days. I'm not aware of the downsides of this approach.
Create a cookie that says that auto-login link and use it to authenticate the user automatically when they open the app.
But there could be a way better approach than this; and I'm curious to know about it. Can someone help?
Well, it depends on your current user session algorithm. Websites like Facebook keep me logged in for years. You might want to use:
Local storage (Indexed DB) to store the user's data and only update it asynchronously,
Cookies: set a (x months) cookie and validate the cookie if it exists, probably with the user's data.
This would preferably be done with your server-side language and not client side.
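The server-side cookie validation suggested in the answer above, as an added example that is not part of the original thread. It assumes a Node.js backend; the function names, the in-memory `Map` standing in for a database table, and the 30-day lifetime are illustrative assumptions.

```javascript
// Added example (not from the thread); all names here are hypothetical.
const crypto = require('node:crypto');

const SESSION_TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30 days, as floated in the question
const sessions = new Map(); // sha256(token) -> { userId, expiresAt }; stands in for a DB table

// Store only a hash so a leaked session table cannot be replayed as cookies.
const hashToken = (token) =>
  crypto.createHash('sha256').update(token).digest('hex');

// After a successful login: mint an opaque token and the Set-Cookie value.
function issueSession(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('base64url'); // carries no user data
  sessions.set(hashToken(token), { userId, expiresAt: now + SESSION_TTL_MS });
  const cookie = `session=${token}; Max-Age=${SESSION_TTL_MS / 1000}; ` +
    'Path=/; HttpOnly; Secure; SameSite=Lax'; // not readable from page scripts
  return { token, cookie };
}

// On every request: returns the user id, or null when the login screen is needed.
function validateSession(token, now = Date.now()) {
  if (typeof token !== 'string' || token.length === 0) return null;
  const key = hashToken(token);
  const record = sessions.get(key);
  if (!record) return null; // unknown, tampered or already revoked
  if (now >= record.expiresAt) {
    sessions.delete(key); // expired: clean up and force a fresh login
    return null;
  }
  return record.userId;
}

// Logout on this device.
function revokeSession(token) {
  return sessions.delete(hashToken(token));
}

// "Sign out everywhere", e.g. after a password change or a lost phone.
function revokeAllForUser(userId) {
  let revoked = 0;
  for (const [key, record] of sessions) {
    if (record.userId === userId) {
      sessions.delete(key);
      revoked += 1;
    }
  }
  return revoked;
}
```

Because the cookie holds only a random identifier, a long lifetime stays revocable: deleting the server-side record ends the session regardless of the cookie's `Max-Age`.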

How do I allow a user to stay logged in in Flutter in the safest way?

I want a user to stay logged in after closing the app. I've heard of shared preferences, but most of the examples are for things not as important as users' login credentials, so is it possible to use that package for this? Furthermore, is that a safe way to go about this problem? Or should I allow Google sign-in in order to keep them signed in? I'm generally unsure about how I should go about doing this and which is the safest way.
There are multiple ways to go around this problem.
1) Keeping login data on the client side
You can use Shared Pref. Once logged in, you can save a value in Shared Pref or in your db. When the user comes again you can check the value; if Shared Pref says the user is logged in, take the user to HomeScreen, else to the login screen.
2) Keeping login data on your server
You can use a web API to check whether the user is logged in. When the user logs in for the first time you can store loginStatus on the server. When the user kills the app and comes back again, you check with an API whether the user was logged in. If the user was logged in, take the user to HomeScreen, else to the login screen.
3) Using third Party APIs
As you already mentioned, Google Sign In. You can certainly leverage that. It is a powerful and clean API. But most importantly, check it with your business requirements and compliance team.

How I can auto login with SwiftyDropbox?

I have an app with SwiftyDropbox that functions correctly, but I need to enter my email and password for Dropbox every time I use the app.
The app is only for my use; it's not a security problem if the app auto-logs in to my account.
I can't find examples or documentation for an auto-login with SwiftyDropbox. Is it possible?
While the Dropbox API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files, it is technically possible to connect to just one account. We generally don't recommend doing so, for various technical and security reasons, but those won't apply if you're the only user anyway.
So, there are two ways to go about this:
1) Implement the normal app authorization flow as documented, and log in and authorize the app once per app installation. The SwiftyDropbox SDK will store the resulting access token for you, which you can programmatically re-use after that point each time using authorizedClient.
2) Manually retrieve an access token for your account and hard code it in to the app, using the DropboxClient constructor shown here under "Initialize with manually retrieved auth token".

Is Facebook Connect (Login) a good solution for an app to use?

I have seen many web apps supporting Facebook Connect...
But when I log in through those apps, sometimes the authentication is successful but nothing is returned to the app and the login page just goes to a blank page in that new window and stops... The whole process fails... And this has occurred not once but many times...
So my question is:
Is Facebook Connect a good solution to use in apps, or should I use something like Google Login or Twitter Login or OpenID or just a simple password-based login, or all of the things and let users choose what they want?
And if your answer is all the solutions, then won't my database become messy and the app slower because it has to look for more data now?
I know it depends on various factors but I just want your opinion: what would you choose and why?
Supporting Facebook Connect as a login function makes sense only if your app has something to do with Facebook (which is most of our apps today ;-)).
The behavior of some apps when successfully authenticated and then authorized is up to these apps.
FB login gives you all the tools to build your own user experience.
Things become a bit more difficult when you want to introduce FBConnect within an already existing login base, since you have to find a way to bind the identified FB user with your user account.

Wordpress Background (Mobile) Web Authentication

I'm building an iPhone app that, in part, allows the user to log in to, pull data, and post data back to a Wordpress site (more specifically, Buddypress). One way I'm considering approaching this problem is to use a series of UIWebViews to display the mobile-themed version of the site.
Ideally, I want the user to be able to, upon first-launch of the app, input their username and password, and then never have to do it again (functionally similar to tons of other social apps out there, like Facebook, Twitter, etc.)
Here's my question - obviously it is easy to store the user's login credentials, but how do I, in the background, establish an authenticated and persistent session with those credentials each time the app opens, so the user is never presented with a login screen again and can just use the app like normal?
Does anybody have any suggestions?
WordPress uses XMLRPC to authenticate. You can, on top of the API given, write your own code to store credentials. A persistent session can then be made.
Read this FAQ: XML-RPC Support for WordPress