Token based authentication with LDAP
#1

Hello everybody,

I hope somebody can help me. For my past projects I always used Ion-Auth for authentication. Now I am starting a new Android webapp project. For the web views I use CodeIgniter and I want to implement authentication with tokens. For this I get all user data from an LDAP server. The connection to the LDAP server works fine and I can authenticate directly by using sessions.

Now I want to connect the webapp. For this I send the user and password to the server and receive a JSON string (JWT):

PHP Code:
$user = $_POST['userl'];
$password = $_POST['password'];

// LDAP authentication
$this->auth_ldap->login($user, $password);

$response = ...

echo json_encode($response);  // token

The webapp will store the token in a SQLite database. Logout will clear the database.
For the view calls I always check the token:

Code:
decode($_POST['token'], 'secret_server_key');

Combined, the workflow goes like this:
  • The user calls authentication service, usually sending username and password.
  • The authentication service responds with a signed JWT, which says who the user is.
  • The user requests access to a secured service sending the token back.
  • Security layer checks the signature on the token and if it's genuine the access is granted.
So far, so good, but how will the token be stored server-side? This is unclear to me.

I hope somebody can help me.
Thanks Thomas
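
The workflow described in the post above, as an added example that is not part of the original post: issuing and checking an HS256 JWT with PHP built-ins only. `SERVER_KEY`, `issue_token()`, `verify_token()` and the sample user are hypothetical; verification needs only the server key, so the server keeps no per-token record.

```php
<?php
// Added example; all names below are hypothetical, not from a specific library.
const SERVER_KEY = 'replace-with-a-long-random-secret'; // constructed placeholder

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $txt = strtr($txt, '-_', '+/');
    return base64_decode(str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '='), true);
}

function issue_token(string $user, int $ttl = 900): string {
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode(['sub' => $user, 'iat' => time(), 'exp' => time() + $ttl]));
    $sig     = hash_hmac('sha256', "$header.$payload", SERVER_KEY, true);
    return "$header.$payload." . b64url_encode($sig);
}

// Returns the claims array for a genuine, unexpired token, otherwise null.
function verify_token(string $token): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) { return null; }
    [$header, $payload, $sig] = $parts;
    $head = json_decode((string) b64url_decode($header), true);
    // Pin the algorithm on the server; never let the token's header choose it.
    if (!is_array($head) || ($head['alg'] ?? '') !== 'HS256') { return null; }
    $expected = hash_hmac('sha256', "$header.$payload", SERVER_KEY, true);
    $given    = b64url_decode($sig);
    // hash_equals() compares in constant time.
    if ($given === false || !hash_equals($expected, $given)) { return null; }
    $claims = json_decode((string) b64url_decode($payload), true);
    // Reject tokens without an integer expiry or whose expiry has passed.
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] < time()) { return null; }
    return $claims;
}

// Constructed demo: a genuine token, then the same token with its payload replaced.
$token = issue_token('alice');
var_dump(verify_token($token)['sub'] ?? null);
$p = explode('.', $token);
$p[1] = b64url_encode(json_encode(['sub' => 'admin', 'exp' => time() + 900]));
var_dump(verify_token(implode('.', $p)));
```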