kuldeep

Reputation: 865

Basic authentication session management Domino

I have the following use case for which I need some pointers/hints/approaches for the solution.

I have to make a login screen for an Android app, following which there will be other screens that would do REST based calls with the server hosted at Domino.

Now for the login activity I think that basic authentication seems to be the easiest solution (please correct me if I am wrong). The server already has the functionality to support a web based application (session based communication which the browser handles automatically with Domino).

Now the problem part

  1. I do not want the server to have to change its code for the Android app, as the server fulfills the requests either for the Android app OR the web based application with the same data. How can I achieve a user scope (i.e. that I can know that subsequent operations are being done by the same user who just logged in successfully via the Android app) via basic authentication? I suspect Domino does not allow you to access session ID or DOM auth ID which browser intrinsically passes in case of web based application. How can I achieve this functionality from the Android app?
  2. If I use basic authentication and send the data, then I noticed that if I set some session scoped variable during the first call (PUT), then I do not get that value back when I try to fetch it in the next GET call from my Android app. I believe the session does not exist anymore between these two calls?
  3. In case of basic authentication, does the server need to do something extra in subsequent calls post successful login? For example: to fetch the list of students in a particular university using the REST API, but in order to check if the user is entitled to such an operation the server has to know about this user's access rights, which in general are stored as session info in a session based authentication procedure.

I understand that in case of basic authentication we pass the user id and password with each call to the server. My main question is: how does the server handle this user id and password? Does it do some kind of check each time to verify the user permissions for relevant operations?

Thanks

Upvotes: 1

Views: 1032

Answers (1)

Richard Schwartz

Reputation: 14628

Re this:

I suspect Domino does not allow you to access session ID or DOM auth ID which browser intrinsically passes in case of web based application. How can I achieve this functionality from android app

Domino just uses cookies to pass the session info back and forth to the client. Depending on which type of session authentication you have set up on the server, it's either DomAuthSessId or LtpaToken. See here for more info.

So I'm going to disagree with you about the presumption that basic authentication is the easiest way to go. If the server is already set up for session authentication, then all you would have to do is make sure that you get the cookie from the response to your login screen and add it to all your HTTP calls and you'll have your session.

Upvotes: 2
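
The cookie-based flow described in the answer above, sketched as an added example that is not part of the original thread. The host name, the `/names.nsf?Login` URL and the `Username`/`Password` field names are assumptions taken from a default Domino session-authentication login form; substitute whatever your server's login form actually posts to.

```java
import java.io.OutputStream;
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpCookie;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class DominoSessionClient {
    // Assumed placeholder host; HTTPS keeps the password and the session cookie off the wire in clear text.
    private static final String BASE = "https://domino.example.com";
    private final CookieManager cookies = new CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER);

    public DominoSessionClient() {
        // Process-wide: HttpURLConnection now stores Set-Cookie values and replays them on later requests.
        CookieHandler.setDefault(cookies);
    }

    /** Posts the login form once; returns true only if the server issued a session cookie. */
    public boolean login(String user, String password) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(BASE + "/names.nsf?Login").openConnection();
        c.setInstanceFollowRedirects(false);   // the cookie arrives on the login response itself
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        String body = "Username=" + URLEncoder.encode(user, "UTF-8")
                    + "&Password=" + URLEncoder.encode(password, "UTF-8");
        try (OutputStream out = c.getOutputStream()) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
        c.getResponseCode();                   // forces the exchange so the cookie is captured
        c.disconnect();
        for (HttpCookie ck : cookies.getCookieStore().getCookies()) {
            String n = ck.getName();
            if (n.equals("DomAuthSessId") || n.equals("LtpaToken")) return true;
        }
        return false;                          // no session cookie: treat as a failed login
    }

    /** Later REST calls ride on the stored cookie; the credentials are not resent. */
    public int get(String path) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(BASE + path).openConnection();
        c.setRequestMethod("GET");
        int status = c.getResponseCode();
        c.disconnect();
        return status;
    }
}
```

Checking for the cookie rather than the HTTP status is deliberate: the example assumes a rejected login may still come back as a normal page (the login form again), so the presence of `DomAuthSessId` or `LtpaToken` is the reliable success signal.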
