User registration and login via API Express

Tue Nov 03, 2015 10:00 am

I'm intending to link my App entirely to Oracle DB via API Express. This includes registering new users and login. With Appery DB, there is login and register services out of the box to link to users collection. However, for my DB, I am not sure how to do that.

ol
liWhat service type should I use? If GET? What should I use in the request and what should I expect in the response?/li
liWhat how about the security? Will login info be sent to my DB encrypted?/li
liWhat other measures should I take to ensure that credentials are not prone to any kind of tampering or hacking (sensitive data is stored in the App)? /li
/ol

Thank you,

Tue Nov 03, 2015 7:05 pm

Hello,

Yes, you have to use GET request. Please send user's name and password
If such combination is found - server returns user's information
You can encrypt these data, if it is necesseary
It depends on what data do you need to keep in the app

Wed Nov 04, 2015 9:09 am

Hi Sergiy,

Thank you for your reply.

I believe login service that is used to connect with Users collection, sends the username and the password encrypted. Is that correct?
If so, how can I mimic the same behavior and send the data encrypted to my DB?
I am only going to keep the user ID in the App, as I use it for connecting to other tables and querying. Is it safe to keep it in plain text?

Another question:
Appery login generates session token upon login successful. What is the use of the session token? Do I need to generate one? And if I do not, will the App remained logged in infinitely?

Many thanks,

Fri Nov 06, 2015 11:42 am

Hello,

Any update on this.

Thanks in advance,

Mon Nov 09, 2015 9:31 am

Hello there,

Is there any follow up on this thread?

Regards,

Wed Nov 11, 2015 10:55 am

No, they are sended without encription, Appery.io automatically encrypts password on the server-side
1. It depends on what is necessary for you. In general - it's quite safe.
2. Please look at this link: https://devcenter.appery.io/documenta...
  Do you need to have such functionality? If so - you have to generate them. If no - app would be logged in infinitely.

Tue Aug 23, 2016 8:35 pm

Hello Hawk,

I am trying to figure out how to authenticate on values (username / Password) in an external database.

Did you figure out how to architect such a solution in appery?

regards,
Jeff

Wed Aug 24, 2016 1:28 am

Hi Jeffry,

We have not done that yet. But we are planning in the next project. We will use a generic rest service to send username and password to stored procedure in our Oracle DB. Then we will return a session token (generated randomly) by our server, if they match.

As how to validate, it depends on what backend you are going to use. In Oracle, we need to build our own stored procedures to do that.

Regards,

Wed Aug 24, 2016 1:48 pm

Hello Hawk,
I'm following as well since me and Jeffry are on the same boat.

Regards,
Andrew

Wed Aug 24, 2016 2:34 pm

Hello Hawk,

Thanks for responding and sharing your experience. I must say that at this point I am thinking that quite possibly appery’s ability to integrate with an existing multi-user external data source is quite complicated and possibly more trouble than it’s worth. The fact that you began this quest 10 months ago and that it appears that authentication on an external data source requires custom coding both within the appery framework as well as on an external server, all of which is only vaguely discussed, is very discouraging.

Not one discussion I have read within these forums on this topic has resulted in a successful solution, never mind a clear development pattern.

Jeff