Hello Everyone,
I am developing an App with Ionic 3 and I would like to create a login Page in my App. The Login Page should take Username and Password and check whether these are valid credentials for a Thingworx User.
What would be the easiest way to achieve this via a rest call?
When you open the composer, a login prompt appears. It would be nice to simply use the service behind this login prompt (which also just takes username and password) in order to verify the user.
Any help is appreciated very much.
Best Regards,
Dominik
Would Form Login be something to satisfy your requirements?
Hello @posipova,
thank you for your reply. Unfortunately this is not exactly what I was looking for.
I want the user to log in to my app, which has its own login "page". In this app I will make REST calls in order to retrieve Property Values of Things and in order to execute services. For these REST calls I want to use the User Credentials for Authentication (not the application Key as usual).
Because of that I simply want to check whether the given user with the given password is a legit Thingworx user.
On our Ionic Apps:
We have an old one done with Ionic 1 and the new one that we are developing with Ionic 4; here is a sample of the API call in order to get the appKey:

    login(username: string, password: string) {
      var apiURL: string = "/Thingworx/Things/wupAppAuthenticatorHelpers/Services/GetAppKey_wupAppAuthenticatorTS";
      var encodedData = window.btoa(username + ":" + password);
      let headers = new HttpHeaders({
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        'Authorization': 'Basic ' + encodedData,
        'Cache-Control': 'no-cache'
      });
      let httpOptions = {
        headers: headers /*, withCredentials: true */
      };
      var content = JSON.stringify({ "context": this.conf.getAppContext() });
      this.http.post<any>(apiURL, content, httpOptions)
        .subscribe(
          res => { this.handleLoginResult(res); },
          err => { this.handleLoginError(err); }
        );
    }

Where "wupAppAuthenticatorHelpers/Services/GetAppKey_wupAppAuthenticatorTS" is a helper thing/service that generates the appKey.
Then the rest of the calls should be something like:

    let apiURL = "DesiredTWAPIEndPoint";
    let headers = new HttpHeaders({
      'Content-Type': 'application/json',
      'Accept': 'application/json',
      'x-thingworx-session': 'true',
      'appKey': previouslyAppKeyReceived
    });
    let httpOptions = {
      headers: headers
    };
    var content = JSON.stringify({ yourJsonContent });
    this.http.post<any>(apiURL, content, httpOptions)
      .subscribe(
        res => { this.handleResult(res); },
        err => { this.handleError(err); }
      );

This looks like something I would like to achieve. Gonna try this out and let you know how it worked.
How long do you keep these AppKey Tokens on the Thingworx Platform? If you create an appKey for every Login Request you will have a lot of created app keys after a while.
Are you deleting them manually or what do you do with these "expired" app Keys?
Best Regards,
Dominik
User experience on a Mobile App is usually log on once and forget... That's the reason to use the appKeys.
Of course you can track API usage by users, and if they don't query anything for a month or similar you can automatically remove the appKeys (just add a Scheduler that once in a while does this check).
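The clean-up check suggested above, sketched as an added example that is not part of the original thread: it selects app keys to revoke because they have been idle too long or were superseded by a newer login for the same user and app context. The record shape, field names and sample data are hypothetical and constructed here, not ThingWorx API.

```typescript
// Added example. AppKeyRecord is a hypothetical shape for whatever usage
// tracking the platform side keeps; it is not a ThingWorx data shape.
interface AppKeyRecord {
  name: string;            // app key entity name
  user: string;            // user the key was issued for
  context: string;         // app context sent at login (cf. getAppContext())
  createdAt: Date;
  lastUsedAt: Date | null; // null = never used since creation
}
interface Revocation { name: string; reason: "idle" | "superseded"; }

const DAY_MS = 24 * 60 * 60 * 1000;
const ownerId = (k: AppKeyRecord): string => JSON.stringify([k.user, k.context]);

// Assumption: one live key per (user, context); an older key for the same
// pair is revoked as soon as a newer login has created a replacement.
function selectKeysToRevoke(keys: AppKeyRecord[], now: Date, maxIdleDays: number): Revocation[] {
  const cutoff = now.getTime() - maxIdleDays * DAY_MS;
  const newest = new Map<string, AppKeyRecord>();
  for (const k of keys) {
    const cur = newest.get(ownerId(k));
    if (!cur || k.createdAt.getTime() > cur.createdAt.getTime()) newest.set(ownerId(k), k);
  }
  const out: Revocation[] = [];
  for (const k of keys) {
    // A key that was never used counts as active from its creation time.
    const lastActivity = (k.lastUsedAt ?? k.createdAt).getTime();
    if (newest.get(ownerId(k)) !== k) out.push({ name: k.name, reason: "superseded" });
    else if (lastActivity < cutoff) out.push({ name: k.name, reason: "idle" });
  }
  return out;
}

// Constructed sample data (not taken from any real system).
const d = (s: string): Date => new Date(s);
const SAMPLE_NOW = d("2024-06-30T00:00:00Z");
const SAMPLE_KEYS: AppKeyRecord[] = [
  { name: "k1", user: "alice", context: "fieldApp", createdAt: d("2024-03-01T00:00:00Z"), lastUsedAt: d("2024-03-05T00:00:00Z") },
  { name: "k2", user: "alice", context: "fieldApp", createdAt: d("2024-06-01T00:00:00Z"), lastUsedAt: d("2024-06-29T12:00:00Z") },
  { name: "k3", user: "bob", context: "fieldApp", createdAt: d("2024-04-01T00:00:00Z"), lastUsedAt: d("2024-05-10T00:00:00Z") },
  { name: "k4", user: "carol", context: "fieldApp", createdAt: d("2024-06-20T00:00:00Z"), lastUsedAt: null },
  { name: "k5", user: "alice", context: "adminApp", createdAt: d("2024-01-10T00:00:00Z"), lastUsedAt: d("2024-06-28T00:00:00Z") },
];

console.log(selectKeysToRevoke(SAMPLE_KEYS, SAMPLE_NOW, 30));
```

Revoking superseded keys at login time, rather than only on the schedule, keeps the number of valid keys per user bounded even when a device is lost between scheduler runs.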
"User experience on a Mobile App is usually log on once and forget... That's the reason to use the appKeys"
Could you please explain that in more detail? I don't understand the "forget" part.
Usually when you are on a mobile App the session "never" expires, that's why I say log on once and "forget".
Alright I understand that.
Could you also give me some hints how you wrote the AuthenticatorHelper?
How do you check whether a given User name and given Password are valid credentials? (and I guess only if they are the appkey is created)
The authentication is done by ThingWorx, you don't need to handle it; in the code attached to my first post there's the clue to that:

    // -- here you "encode" the data to be sent as Basic Authentication
    var encodedData = window.btoa(username + ":" + password);
    let headers = new HttpHeaders({
      'Content-Type': 'application/json',
      'Accept': 'application/json',
      // -- Here you pass the Basic Authentication data
      'Authorization': 'Basic ' + encodedData,
      // ...
    });

About the Application Key -> You have to create it with code when the user successfully logs in (that's what the AuthenticationHelper does).
About the AuthenticationHelper --> It's a bit complicated; to ensure security I've used REST API calls on the same ThingWorx server in order to "impersonate" the current user to a user which has Application Key creation permissions (current users shouldn't have this kind of permissions).
Thank you for your explanation, I think I understand now.
Hi @drieder.
If one of the previous responses allowed you to solve your issue, please mark the appropriate one as the Accepted Solution for the benefit of others with the same issue.
Thank you for using our Community!
Regards.
--Sharon