I have:
- a backend app, done with Sails.js.
- a mobile application, done with the Ionic framework.
I would like to accomplish:
- give users, on my login page, the opportunity to sign up/sign in with Facebook, Twitter, Google, and "local".
- on my server, I'd like to have a single collection of registered users, with both local users and provider-authenticated users.
My primary goal, through this question, is to understand the multiple strategies and concerns of provider authentication inside an SPA (be it a web app or a native mobile app). I've read many things about OAuth, OpenID, client-side auth vs server-side auth, session-based auth vs token-based auth... I just don't get it. There is too much information out there about this and I'm pretty lost.
- What are the possible flows?
- I think I got that I can authenticate with both OpenID and OAuth, but which one should I use?
- On mobile, can I authenticate with "the Facebook app" instead of using a web endpoint?
- I usually hear about "callbacks" after auth; what about them in a mobile app, where there is no web server?
NB: I'm not directly looking for implementations or libraries (like passport or sails-auth). I'm looking for an explanation of the different approaches and flows. Though, I'm open to discovering some libraries as examples of the words