Eme Fibonacci Well-Known Member Licensed User Longtime User Aug 6, 2017 #1 Imagine the scenario: 1) User opens my app and do login using firebase (google or facebook). Then the app gets a token from firebase. 2) Users create some data. 3) App send created data, email and token to my server b4x. On b4x I check if the token is valid and if it matches the email sent. Question: My app should send token and email for every request made to my b4x server? What would be the best practice? Thank.
Imagine the scenario: 1) User opens my app and do login using firebase (google or facebook). Then the app gets a token from firebase. 2) Users create some data. 3) App send created data, email and token to my server b4x. On b4x I check if the token is valid and if it matches the email sent. Question: My app should send token and email for every request made to my b4x server? What would be the best practice? Thank.
Erel B4X founder Staff member Licensed User Longtime User Aug 6, 2017 #2 I guess that you are using FirebaseServer to verify the token: https://www.b4x.com/android/forum/threads/68672/#content You don't need to verify the token each request. You can store a value in the user session that says that that user is authenticated. Upvote 0
I guess that you are using FirebaseServer to verify the token: https://www.b4x.com/android/forum/threads/68672/#content You don't need to verify the token each request. You can store a value in the user session that says that that user is authenticated.
Eme Fibonacci Well-Known Member Licensed User Longtime User Aug 6, 2017 #3 Erel said: I guess that you are using FirebaseServer to verify the token: https://www.b4x.com/android/forum/threads/68672/#content You don't need to verify the token each request. You can store a value in the user session that says that that user is authenticated. Click to expand... Yes, I'm using Firebase Server. Just thinking about the first login: Is it safe to send the app token to the server? This is correct? Upvote 0
Erel said: I guess that you are using FirebaseServer to verify the token: https://www.b4x.com/android/forum/threads/68672/#content You don't need to verify the token each request. You can store a value in the user session that says that that user is authenticated. Click to expand... Yes, I'm using Firebase Server. Just thinking about the first login: Is it safe to send the app token to the server? This is correct?
Erel B4X founder Staff member Licensed User Longtime User Aug 7, 2017 #4 Eme Fibonacci said: Is it safe to send the app token to the server? Click to expand... Yes. The token cannot be used anyway without the server key. Upvote 0
Eme Fibonacci said: Is it safe to send the app token to the server? Click to expand... Yes. The token cannot be used anyway without the server key.