Login and Logout
The Application Server provides login and logout support for development teams that wish to store their users and user account information inside of Cloud CMS Domains. Cloud CMS Domains are LDAP-like storage facilities for users, groups, group memberships and more. They're not required, technically, since the Application Server can accommodate other storage facilities (such as LDAP itself), but they're incredibly useful if you can use them since they let you take advantage of user-scoped role-based authorities and permissions within Cloud CMS.
Under the hood, Express is used to manage user sessions. You're free to customize the way the underlying Express sessions are managed but at the end of the day, it is Express and the Connect middleware that is relied upon to manage session state and session tracking.
As such, when you login to the Application Server, you will see a
connect.sid cookie get written down which contains the Node.js Connect Session identifier.
It is important to keep in mind that logging in to the Application Server means that the user's session (on the Application Server) is authenticated to the Cloud CMS API. The browser or mobile application (on the device or in the web browser) is not authenticated. All browser interaction with the Cloud CMS API first hits a controller on the Application Server and the Application Server makes calls back to the Cloud CMS API on the client's behalf.
By default, the authentication services will run against the "principals" Domain of your Application's Stack. Your application is identified in your
gitana.json file by setting the
application property to the ID of the application. Your application needs to be assigned to a Stack. And the Stack should have a Domain assigned to it with the key
Your mobile or web application should present a form that collects at minimum two pieces of information:
username- the login name for the user
password- the password for the user
At minimum, these properties should be form POSTed as application/x-www-form-urlencoded to:
You may optionally provide the following parameters to help drive navigation as a result of the login operation:
successUrl- the URL to redirect to if the login succeeds
failureUrl- the URL to redirect to if the login fails
If either of these aren't available, the redirection scheme will default to taking the user back to the same page.
To logout, simply point the browser to the following URL:
You may optionally provide the following parameters to handle the result of the logout operation:
redirectUri- the URL to redirect to once the logout completes
Logging out means that that the Node.js session will be terminated. The user will be logged out and their Cloud CMS API OAuth access token will be expired. In other words, they user is logged off of the Node.js application and the Cloud CMS API all in one fell swoop.