Sunday 21 January 2018

how to approach authentication SPA & mobile app?

Alright, so here is the scenario: I am building a web API with Node and the Express framework as a back end. I would like to build both a web app (SPA) and (hopefully) follow it up with a native mobile app. The app will allow users to authenticate using Facebook/Google as well as email/password. And that's where I hit the wall.

Reading up, it seems OAuth is what is widely used, but apparently there are different grants recommended for SPA and native mobile applications. JWT seems to be used but comes with a lot of negativity. And it can be used with OAuth. And apparently sessions, being stateful and all, do not scale well. And cookies not being very well handled in native mobile applications...

The only mitigated solution I can think of is to build separate API endpoints for the mobile and web apps (for the OAuth point).

How do popular apps such as FB, Reddit, Twitter do this? What is the standard way of building a web API to be consumed by different types of clients? Can someone just please point me in the right direction?

Submitted January 21, 2018 at 10:48PM by featurecritic
