Hello everybody,
I hope, somebody can help me. For my past projects I always used Ion-Auth for the authentification. Now I start an new android webapp project. For the web-views I use Codeigniter and I want to implement the authentification with tokens. For this I get all user data from a ldap-server. The connection to the ldap-server works fine and I can authenticate direct by using sessions.
Now I want to connect the Webapp. For this I sent the user und password to the server and receive a json string (JWT):
The webapp will store the token in a sqlite database. Logout will clear the database.
For the view calls I alway check the token:
Combined The workflow goes like
I hope, sombody can help me.
Thanks Thomas
I hope, somebody can help me. For my past projects I always used Ion-Auth for the authentification. Now I start an new android webapp project. For the web-views I use Codeigniter and I want to implement the authentification with tokens. For this I get all user data from a ldap-server. The connection to the ldap-server works fine and I can authenticate direct by using sessions.
Now I want to connect the Webapp. For this I sent the user und password to the server and receive a json string (JWT):
PHP Code:
$user = $_POST['userl'];
$password = $_POST['password'];
// ldap authentification
$this->auth_ldap->login($user, $password);
$response = ...
echo json_encode($response); // token
The webapp will store the token in a sqlite database. Logout will clear the database.
For the view calls I alway check the token:
Code:
decode($_POST['token'], 'secret_server_key');Combined The workflow goes like
- The user calls authentication service, usually sending username and password.
- The authentication service responds with a signed JWT, which says who the user is.
- The user requests access to a secured service sending the token back.
- Security layer checks the signature on the token and if it's genuine the access is granted.
I hope, sombody can help me.
Thanks Thomas