
I have implemented social login with React and Spring Boot.
In that setup, the React front end requests a login page from the server,
the user enters their ID and password,
and the server obtains an access token from the authentication server.
I then issued a JWT after looking up the user's information on the authentication server with that access token.

(image of the process described above)

However, in the case of mobile apps (e.g. Android), I don’t know how to handle the login authentication.
Can I get the access token from the authentication server on the mobile app and deliver it to the server (Spring)?
But wouldn’t the way access tokens are delivered be a security risk? I want to know the standard process.

I want to know the process of implementing social login in a mobile app.

2 Answers


  1. You’d do the exact same thing. From the point of view of a server, it doesn’t know or care if the client is a website or a mobile app; it’s the same API either way. (Now we can talk about your use of JWT, which isn’t the most secure thing, but that’s a separate issue.)

  2. The OAuth standard way of doing it is described in RFC8252. This involves the mobile app starting an authorization code flow on the system browser, then listening for a response as described in either section 7.1 or 7.2.

    The authorization server then manages a second authorization code flow to the social provider. It deals with any implementation differences and issues tokens with a consistent identity and claims, regardless of which social identity provider a user signs in with.

    A mobile app does not use a backend redirect URI, since doing so would introduce its own threats in terms of delivering the token to the app. Productivity advantages of RFC8252 are to externalize complexity from the app and to enable authentication to be extended in the best ways without code changes, e.g. with multiple factors.

    To see how this looks at a basic level, take a look at my introductory blog posts. Even if you don’t follow a pure OAuth solution, it is worth borrowing some ideas from the OAuth standards:

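The RFC 8252 flow the second answer outlines, written out as an added example (this is not code from the post or from the answerer's blog): the app builds the authorization request with PKCE and a state value, hands it to the system browser rather than an embedded web view, then validates the redirect it receives on its private-use URI scheme (section 7.1) before preparing the code exchange. The authorization endpoint, client id, redirect URI and the sample authorization code are constructed assumptions.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for the app's own authorization server (assumptions, not from the post).
AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth2/authorize"
CLIENT_ID = "mobile-app"                           # public client: no client secret ships in the app
REDIRECT_URI = "com.example.app:/oauth2redirect"   # private-use URI scheme (RFC 8252 section 7.1)


def pkce_challenge(code_verifier):
    """S256 code challenge per RFC 7636: BASE64URL(SHA256(verifier)) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_authorization_request(scope="openid profile"):
    """Step 1: the URL the app opens in the system browser, plus the per-request
    secrets (state, code_verifier) the app keeps until the redirect comes back."""
    code_verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    state = secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", {"state": state, "code_verifier": code_verifier}


def handle_redirect(redirect_url, pending):
    """Step 2: the OS delivers the redirect to the app; validate it and return the
    form fields for the token request, or raise if the response must be rejected."""
    parsed = urlparse(redirect_url)
    if f"{parsed.scheme}:{parsed.path}" != REDIRECT_URI:
        raise ValueError("redirect did not arrive on the registered redirect URI")
    query = parse_qs(parsed.query)
    if query.get("state", [None])[0] != pending["state"]:
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in query:
        raise ValueError(f"authorization server returned error: {query['error'][0]}")
    # The code alone is useless without code_verifier, which never left the app, so another
    # app that registers the same scheme and intercepts the redirect cannot redeem it (section 8.1).
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": pending["code_verifier"],
    }
```

The returned fields are POSTed to the authorization server's token endpoint; the tokens it issues are what the app then presents to the Spring API, so the social provider's own access token never has to travel between the app and the backend.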