Login using API, from a mobile APP

Kiko_Lobo · 2015-07-07 06:02:20 UTC

Hello,

I am working on an iOS app for a particular discourse forum (www.movic.me).

I want the users of my app to be able to login to their account to post and read notifications.

It would also be incredible to allow new users to register or login using Facebook/twitter accounts.

Is this possible?

I have working access to the API using the API key generated in the admin. However this will give my users admin privileges.

Anything that can point me in the right direction would be great!

riking · 2015-07-07 23:11:26 UTC

You’ll need to use a “cookie jar” library and X-CSRF-Token headers instead of API keys.

Kiko_Lobo · 2015-07-08 01:13:40 UTC

Jaix!

Can you explain a little more details?

Is that a plugin? or a library or HTTP headersI use on the API request?

Anything that can point me in the right direction would be great!

Kiko_Lobo · 2015-07-09 07:26:36 UTC

I understand that I will have to hold the cookies somewhere. However how will a user obtain the X-CSRF-Token thru the API and how will he be able to sign in if he registered using Facebook for instance?

And if I am creating a new user using the API is there a way to sign him up using Facebook?

riking · 2015-07-09 14:16:22 UTC

GET /session/csrf.json

Yes - use some kind of WebView that saves to the same cookie jar you use for everything else.

I’m not going into much detail here because these are the kind of things you’ll need to figure out in order to succeed on this.

Kiko_Lobo · 2015-07-10 18:18:25 UTC

One last question. If I am doing the app in iOS… Does the cookie jar thing still applies?

accalia · 2015-07-10 19:15:01 UTC

yes. you need to store the cookies set by Discourse so that it knows who you are for each request. without the cookiejar you are a different, unauthenticated, person as far as discourse can tell every time you make a request

Kiko_Lobo · 2015-07-11 07:19:47 UTC

Thank you for the info. really helpful!

So basically, I go to Facebook and get a token (either because the user is registering or signing up, I get an OAuth token)… I store that token locally and use that token for every request.

So basically the cookie jar is a way to store that key locally correct? Not necessarily a framework of some sort.

¿Correct?

accalia · 2015-07-11 13:55:08 UTC

That is correct. Most HTTP client libraries have such a capability built in, although it usually isn’t utilized by default.

chitale_prasad · 2016-09-13 09:55:08 UTC

Hello,

Just curious to know if you were able to connect your mobile app to the forum.

It will be great if you can share your experience about the same.

Regards
Prasad

sam · 2016-09-14 04:55:03 UTC

see: GitHub - discourse/DiscourseMobile: Discourse Mobile Notifier for an example of how this is done using user api keys.