ios - Should I check user auth ( user name , password, device token) in webservice every time when my mobile application is launch? -
should check user auth ( user name , password, device token) in webservice every time when mobile application launch?
i developing ios application need user login username , password ( first time of application launch). after user information save in app local data , user no need key in username , password again.
my idea check if user still active-user calling web service whenever application launch.
my question , necessary check whenever app launch .?
and there design pattern control user auth ios app.?
generally, should not store username , password locally, if must, store in ios keychain , not in local app db. (if not familiar keychain follow this tutorial)
to able 'not' save username , password in app, need implement authentication mechanism (like oauth 2 : check tutorial) handles authentication via web view , needs client use authorized token.
to refresh token, need 'refresh token' api can check if token valid , if expired can prompt user enter credentials or use ones store in keychain refresh token automatically.
note : can find many more such tutorials on https://www.raywenderlich.com , elsewhere if google it.
note 2 : although oauth 2 more centered around giving access 'third party', enough model normal authentication mechanism. please spare hate in comments suggesting oauth 2 normal authentication.
Comments
Post a Comment