Android: User Signup & Login

Hi,

I am also creating a user authentication flow. I have been following this thread for some tips.

I have authenticated my replication user with the SG with Basic Authentication. It works as expected.

Now, I want to add a login form for my application users (i.e. not database/SG users). Can this be done with the SG Admin REST API, or is this API only for the database/SG users? If not, how should I authenticate my application users with Couchbase?

What is the difference between "application user" and "replication user"?

Typically, if your app is trying to sync data, then the credentials of the user who is logged into the app are the ones used to authenticate the replicator. That will ensure that the data that is synced to the app is the data that corresponds to the user that’s logged in.

If, for whatever reason, your login user credentials are not required for replication, then authenticating that user should be handled by your own business logic.
As an example of how you may do that, you can have a “user” type document associated with the users in your system. For each user, you can store a JWT corresponding to the user password. When a user logs in via the app, you will query your database for the specific user document and verify against the stored credentials.

If you are using a third party provider like Facebook for authentication, you can use implicit login flow.

So what you are saying is that if I’m using basic authentication, and want to sync my data, then I will probably need to add my users (~10 000) to the Sync Gateway config file?

This, or add another third party solution, like Azure Active Directory B2C?

OK. So this question is different than what you originally stated (or how I interpreted it).

How do the users sign up into your system? Is it via the Android app?

This is one way you would do it.
Assuming you have a web backend service serving your mobile apps, extend that service to implement a “POST signup” endpoint. This endpoint will use the SGW Admin user API to add the user. The Android app will invoke this “signup” endpoint exposed by your web service.
It is not recommended that you expose the Admin API over the Internet, so you cannot invoke the user API directly from the Android app.
Hope that made sense.

That certainly made sense. The part where we register our users (or sign up, as you say) is already taken care of in a way similar to what you describe above.

We want to handle the user login (sign in) part in our Android application and start the data sync. I am sorry if I was unclear before.

No problem.
As for user authentication during login, you can handle it in a couple of ways:

  • Similar to the signup API, you’d have a login endpoint in your web service. That login endpoint in your web service can use the SGW Admin user API to fetch the user and validate.
  • In addition to creating the user via the SGW, if you had also directly created a “user profile” type document in your Couchbase Server DB as part of the signup process (via the appropriate CB SDK), you can query for the user document from your web service and validate the user.

Creating a per-user profile document during user signup typically makes sense, as you may want to store additional app-specific data associated with each user.
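
The backend flow discussed in this thread (a signup endpoint that calls the Sync Gateway Admin API, plus a user profile document checked at login), sketched as an added example that is not code from any poster or from Couchbase. It stores a salted PBKDF2 hash in the profile document rather than the JWT mentioned earlier; the database name `appdb`, the `user::<name>` document key, the per-user channel name and the dict standing in for the Couchbase bucket are all assumptions.

```python
import hashlib, hmac, json, os, urllib.request

SG_ADMIN = "http://127.0.0.1:4985"  # assumption: Admin API is reachable only from the backend host
DB = "appdb"                        # hypothetical database name
PBKDF2_ROUNDS = 600_000
_DUMMY_SALT = os.urandom(16)        # used to equalise work for unknown users

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def build_sg_user_request(name, password):
    """Admin API call POST /{db}/_user/ that creates the user the replicator logs in as."""
    body = json.dumps({"name": name, "password": password,
                       "admin_channels": ["user." + name]  # hypothetical channel naming
                       }).encode()
    return urllib.request.Request(f"{SG_ADMIN}/{DB}/_user/", data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def signup(name, password, profiles, send=urllib.request.urlopen):
    """Body of the backend 'POST signup' handler; `profiles` stands in for the bucket."""
    key = f"user::{name}"
    if key in profiles:
        return False                      # refuse duplicate signups
    send(build_sg_user_request(name, password))
    salt = os.urandom(16)
    profiles[key] = {"type": "user", "name": name, "salt": salt.hex(),
                     "pw_hash": _derive(password, salt).hex()}  # never the plaintext
    return True

def login(name, password, profiles):
    """Body of the backend login handler: validate against the profile document."""
    doc = profiles.get(f"user::{name}")
    salt = bytes.fromhex(doc["salt"]) if doc else _DUMMY_SALT
    expected = bytes.fromhex(doc["pw_hash"]) if doc else b"\0" * 32
    candidate = _derive(password, salt)   # always derive, even for unknown users
    return hmac.compare_digest(candidate, expected) and doc is not None
```

Only the backend ever talks to port 4985; the Android app calls the backend's signup and login endpoints and then starts the replicator with the same user's credentials.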