0

I am developing a mobile app using WorkLight 5.0.6 and I would like to attach a secure cookie to the response returned by an adapter.

We are not using a WorkLight Authentication realm because we do not wish to "bind" the session to a specific WL server in a clustered production environment. We authenticate the session by calling a sign-on adapter which authenticates the user details against a back end system. As part of the response from the sign-on adapter call I would like to create a secure cookie (http only) containing the authenticated information and attach it to the response returned from the sign-on adapter. The cookie should also be included in the header for subsequent Adapter made from the application call to the server.

Regards,

 Tom.
Tom Borland
  • 1
  • 1

1 Answers1

5

I would suggest trying to create a custom Worklight authenticator that communicates with your backend. Documentation for a custom authenticator can be found here:

http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v600/08_04_Custom_Authenticator_and_Login_Module.pdf

To answer your question, here is how I would approach it without using a custom authenticator:

  • Make the adapter call to authenticate from the client

function authenticate(username, password){

  var invocationData = {
          adapter : 'authenticationAdapter',
          procedure : 'authenticate',
          parameters : [username, password]
  };

  WL.Client.invokeProcedure(invocationData, {
      onSuccess : authSuccess,
      onFailure : authFailure
  });

}

  • Get the cookie from the response on the client side and save it (I suggest saving using JSONStore which can also encrypt the saved cookie)
function authSuccess(response){
    console.log("Auth Success");
    var myCookie = response.invocationResult.responseHeaders.CookieName

    // Save cookie somehow
}
  • On subsequent adapter calls, send the cookie from the client along with each request

function adapterRequestForProtectedResource(){

var mySecureCookie = getMyCookieFromLocalStorage();

  var invocationData = {
          adapter : 'protectedResourceAdapter',
          procedure : 'getResource',
          parameters : [mySecureCookie]
  };

  WL.Client.invokeProcedure(invocationData, {
      onSuccess : success,
      onFailure : failure
  });

}

  • On the adapter, set the cookie in the header

    function getResource(secureCookie) {

    // Secure cookie must be of the form:  "CookieName=cookievalue"

var input = {
    method : 'get',
    returnedContentType : 'json',
    path : "/resource",
    headers: {"Cookie": secureCookie}
};

return WL.Server.invokeHttp(input);

    }

jnortey
  • 1,625
  • 2
  • 10
  • 17