So, a question which has been confusing me. I have created a simple API server using Ruby on Rails and am able to read the data through an Android program I created. So I wanted to create a user register/login; however, it then struck me that I would probably need token authentication so that not everyone can come and delete my entire database, right? However, now I'm confused: do I need to have two authentications before using the API, then? One for social media such as Facebook, Twitter, G+, and one for the API itself? I know it sounds silly, why would I need two authentications? But I thought I'd best ask and look around first for my answer. Also, since I heard Facebook authentication tokens usually expire every 90 days, does that mean I have to re-login the user every 90 days? It would be good if someone could point me in the right direction.
1 Answer
Have you heard about Firebase? They have quite a lot of examples on how to handle authentication with their services. They can handle your backend easily for you.
Best thing about Firebase is that it is free for low usage apps and the pricing is quite reasonable for a small team.
Here are some useful links.
3 Comments
Napmi
Ok, so I use Firebase to create an authentication system to log in through many social media platforms. I understand the communication is established through URL construction and JSON files, for example api.appname.com/v1/posts. How do I stop these smart people from simply using Postman to send a request to destroy my entire database?
Kobus Pitzer
Firebase handles it for you: firebase.google.com/docs/database/security/securing-data. Also, it is never a good idea to allow a user drop access to a database.
Napmi
Because usually I have a user database, I can code in the controller logic so that only current_user can delete its own records. However, it seems my user table will now be stored with Google Firebase; do I apply this restriction logic in my Android app now? Or do I just create an extra user table in my Rails app and apply all my logic there?
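Added example, not part of the thread and not Firebase's or anyone's production code: a plain-Ruby sketch of the server-side check the comments circle around, where the API derives the caller from a verified token and lets a user delete only their own records, so a hand-crafted request from Postman gets 401 or 403. Assumptions: the HMAC-signed token stands in for a real identity token so the code runs offline (Firebase ID tokens are JWTs verified against Google's public keys), and `SECRET`, `issue_token`, `verify_token`, `delete_post` and the in-memory `posts` table are hypothetical names.

```ruby
require "openssl"
require "json"
require "base64"

# Constructed demo secret; a real server loads this from protected configuration.
SECRET = "demo-secret-not-for-production"

def sign(payload)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issued by the server after a successful login (hypothetical helper).
def issue_token(uid, expires_at)
  payload = Base64.urlsafe_encode64(JSON.generate("uid" => uid, "exp" => expires_at))
  "#{payload}.#{sign(payload)}"
end

# Returns the uid the token vouches for, or nil if it is malformed, forged or expired.
def verify_token(token, now)
  payload, mac = token.to_s.split(".", 2)
  return nil if payload.nil? || mac.nil?
  return nil unless secure_equal?(mac, sign(payload))
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  claims["exp"] > now ? claims["uid"] : nil
rescue JSON::ParserError, ArgumentError
  nil
end

# Handler logic for DELETE /v1/posts/:id; posts is a constructed in-memory table.
def delete_post(posts, token, post_id, now: Time.now.to_i)
  uid = verify_token(token, now)
  return :unauthorized if uid.nil?              # no valid token: respond 401
  post = posts[post_id]
  return :not_found if post.nil?                # respond 404
  return :forbidden unless post[:owner] == uid  # someone else's record: respond 403
  posts.delete(post_id)
  :deleted
end
```

The ownership check runs on the server because the Android app is under the user's control; a check that lives only in the client is bypassed by any request sent directly to the API.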