Skip to content

docs: mobile token guides #422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kenjis merged 6 commits into from
Sep 14, 2022
Merged

docs: mobile token guides #422

kenjis merged 6 commits into from
Sep 14, 2022

Conversation

@lonnieezell
Copy link
Member

@lonnieezell lonnieezell commented Sep 6, 2022

Adds a guide describing one way of using Access Tokens to authenticate a mobile application.

Requires #417 to be merged first.

@MGatner
Copy link
Member

MGatner commented Sep 6, 2022

Awaiting the other PR and rebase before review.

@kenjis kenjis force-pushed the mobile-token-guides branch from 9948bc2 to 9c666b7 Compare September 11, 2022 09:06
@kenjis
Copy link
Member

kenjis commented Sep 11, 2022

Rebased.

@kenjis
Copy link
Member

kenjis commented Sep 11, 2022

Added small fixes.

@kenjis kenjis added the documentation Improvements or additions to documentation label Sep 11, 2022
MGatner
MGatner approved these changes Sep 11, 2022
View reviewed changes
Copy link
Member

@MGatner MGatner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is rather opinionated but I like it as a practical example of a real and common scenario in webdev.

@datamweb datamweb changed the title Mobile token guides docs: mobile token guides Sep 12, 2022
@datamweb
Copy link
Collaborator

datamweb commented Sep 12, 2022

Is this explanation comprehensive, what about tablets, smart watches and ...?
Wouldn't it be better to use smart devices instead of mobile?

@lonnieezell
Copy link
Member Author

lonnieezell commented Sep 12, 2022

Thanks for the additional work here @kenjis.

@MGatner The code is mostly taken from the existing login method.

I still want to look into how we do SPA authentication and provide a guide for that. I feel that might need a new method added, but unsure yet. If we use the session filter for SPAs I think we need to provide a way for an API to get a CSRF token. If we go with tokens for SPA's there needs to be some careful consideration there as that would leave the token exposed to anyone who wanted to look. So would probably have to put the token in a cookie or something to hide it? Unsure at the moment.

@kenjis kenjis merged commit 6a8a7dc into develop Sep 14, 2022
@kenjis kenjis deleted the mobile-token-guides branch September 14, 2022 00:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kenjis kenjis kenjis approved these changes

@MGatner MGatner MGatner approved these changes

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@lonnieezell @MGatner @kenjis @datamweb