Stackmob oAuth without exposing my private key

[Harish Narasimhan]

Stackmob oAuth with username and password.
How do i user Tiggzi to login to Stackmob specific to an user without exposing my private key as given in the example http://help.gotiggr.com/getting-start...

[maxkatz]

It's not specific to apps built in Tiggzi, it's an issue across the board with HTML5 mobile apps where you can view the source and look at the private keys. If you build a hybrid app, then looking at the keys is not possible any more (well, possible but much more difficult).

We are working on a solution where the keys will be kept on the server - sort of a proxy.

[Harish Narasimhan]

I am able to authenticate a user on stackmob with just the public key and his user name and password using a rest service
I am not sure how to save that authentication

[maxkatz]

Save what..?

[Harish Narasimhan]

A login token maybe. How else do html5 banking apps authenticate?
With the latest changes to stackmob, when i authenticate login id and password it seems to send me back a cookie token in the header

[maxkatz]

You can save it Local Storage

[Harish Narasimhan]

Could you help with a sample of that please. Because stackmob gives SDK for Javascript/HTML5 apps. I am not sure how to use it within Tiggzi
http://www.stackmob.com/devcenter/doc...

[maxkatz]

Although you can use a JavaScript SDK, the concept in Tiggzi is based on using REST APIs directly. This way you can get the powerful mapping feature and more in Tiggzi. That would be my recommendation.

[Harish Narasimhan]

Absolutely i want to use Tiggzi and that is why we have four people with licenses trying to get our prototype on Tiggzi. Would greatly appreciate if you could help with login authentication using just the public key with login/pwd combination please.

[maxkatz]

I'm going to ping the guys at StackMob, I don't believe the REST APIs to do this are in the docs...