Authenticate native mobile app using a REST API

Like the Facebook application, you only enter your credentials when you open the application for the first time. After that, you're automatically signed in every time you open the app. How does one accomplish this?

There is 1 answer

Master Slave

There's a common line in all auto-login implementations:

  1. Upon an initial login, a token is received and stored on the client side
  2. Upon subsequent visits, if token is available on the client side, the server resolves the identity and logs in automatically

Now, concrete implementation variations can be numerous. The token can be a session ID (encrypted or not), an OAuth token, or a custom token; username and password should be avoided. The token can be stored in a browser cookie or browser local storage, and can have a server counterpart. Security is the major concern. You can read more about the topic in general here: https://softwareengineering.stackexchange.com/questions/200511/how-to-securely-implement-auto-login

You have an interesting explanation of how Stackoverflow does it here: https://meta.stackexchange.com/questions/64260/how-does-sos-new-auto-login-feature-work.
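The two steps from the answer, sketched from the server side as an added example that is not part of the original answer: a random opaque token is issued after one credential check, only its hash is kept as the server counterpart, and later requests are resolved to an identity from the token alone. The names `TokenStore`, `pw_hash` and `TOKEN_TTL`, the 30-day lifetime and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 24 * 3600  # assumed token lifetime: 30 days

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TokenStore:
    """Server-side counterpart of the client token; stores only its hash."""

    def __init__(self, users):
        self._users = users   # username -> (salt, password hash)
        self._tokens = {}     # sha256(token) -> (username, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, username, password):
        """Step 1: check credentials once, hand back a random opaque token."""
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, pw_hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (username, time.time() + TOKEN_TTL)
        return token

    def resolve(self, token, now=None):
        """Step 2: resolve a presented token to an identity, or None."""
        now = time.time() if now is None else now
        username, expires_at = self._tokens.get(self._digest(token), (None, 0))
        if username is None or now >= expires_at:
            self._tokens.pop(self._digest(token), None)  # drop expired entry
            return None
        return username

    def logout(self, token):
        """Revoke server-side so a copied token stops working."""
        self._tokens.pop(self._digest(token), None)

def demo():
    salt = secrets.token_bytes(16)
    # Constructed sample user, not data from the page.
    store = TokenStore({"alice": (salt, pw_hash("s3cret-demo", salt))})
    token = store.login("alice", "s3cret-demo")  # first launch: credentials
    return store, token
```

The client keeps only the returned token and sends it on each launch; the password never needs to be stored on the device, and a database leak exposes token hashes rather than usable tokens.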