0

I have a Node.js server using PassportJS that uses social login via Google, Facebook, and Twitter.

The Node.js server hosts an API that uses the PassportJS middleware to authenticate routes and securely serve the data. The API exists to serve an iOS application, which will be where the user "logs in" through Google, Facebook, or Twitter and will subsequently create their account on my service.

How can I accomplish this when the mobile SDKs for the respective companies are for direct communication between my client and their server? I essentially want a way for my client to talk to my server, which talks to their server. Please let me know if the overall idea is incorrect as well.

Carpetfizz

1 Answer

0

I believe the right way to do it is to integrate the mobile app with social login, not your website.

Depending on what technology you use in your app, you can find libraries to make it easier for you. On your app, it would be a native pop-up, or a simple app-redirect to the Facebook app, or Google app or whatever to get the permissions, and then an app-redirect back to your app.

You probably don't want a browser to pop out and redirect the user to Facebook. A lot of users just use the Facebook app on their smartphones and they are not even logged in to the Facebook website in their smartphone's browser.

Once you get the permission and get the user's information, you can securely send that data to your server and store it for future use. You can associate that information with the device ID, or generate a token and send it back to the user's device and store it there for future authentications.

Aᴍɪʀ
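
The hand-off described in the answer, as an added example that is not part of the original post or of any provider's SDK: for a provider that issues a signed OpenID Connect ID token, the server verifies the token the app forwards (signature, issuer, audience, expiry) and then issues its own session token for later API calls. The client ID, the locally generated key pair standing in for the provider's published signing key, and all function names are constructed assumptions.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const EXPECTED_ISS = 'https://accounts.google.com';
const EXPECTED_AUD = 'example-ios-client-id';      // placeholder, not a real client ID
const SESSION_SECRET = crypto.randomBytes(32);     // HMAC key that never leaves the server

// Verify an RS256 ID token against the provider's public key, then check its claims.
function verifyIdToken(token, providerPublicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    providerPublicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  if (claims.iss !== EXPECTED_ISS) throw new Error('wrong issuer');
  if (claims.aud !== EXPECTED_AUD) throw new Error('wrong audience'); // minted for another app
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Issue the server's own session token, bound to the provider's stable user id (sub).
function issueSession(claims, ttl = 3600) {
  const body = b64u(JSON.stringify({ sub: claims.sub, exp: Math.floor(Date.now() / 1000) + ttl }));
  const mac = b64u(crypto.createHmac('sha256', SESSION_SECRET).update(body).digest());
  return `${body}.${mac}`;
}

// Validate a session token on later requests; returns its data or null.
function checkSession(token) {
  const [body, mac] = String(token).split('.');
  const want = crypto.createHmac('sha256', SESSION_SECRET).update(body || '').digest();
  const got = Buffer.from(mac || '', 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const data = JSON.parse(Buffer.from(body, 'base64url'));
  return data.exp > Math.floor(Date.now() / 1000) ? data : null;
}

// Constructed stand-in for the provider, so the example runs offline.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signAsProvider(claims) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
```

In a deployment the public key comes from the provider's published key set rather than a local key pair, and a maintained verification library is preferable to hand-rolled parsing.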