Login and Logout

The Application Server provides login and logout support for development teams that wish to store their users and
user account information inside of Cloud CMS Domains. Cloud CMS Domains are LDAP-like storage facilities for users,
groups, group memberships and more. They're not required, technically, since the Application Server can accommodate
other storage facilities (such as LDAP itself), but they're incredibly useful if you can use them since they
let you take advantage of user-scoped role-based authorities and permissions within Cloud CMS.

Under the hood, Express is used to manage user sessions. You're free to customize the way the underlying Express
sessions are managed but at the end of the day, it is Express and the Connect middleware that is relied upon to
manage session state and session tracking.

As such, when you login to the Application Server, you will see a connect.sid cookie get written down which
contains the Node.js Connect Session identifier.

It is important to keep in mind that logging in to the Application Server means that the user's session (on the
Application Server) is authenticated to the Cloud CMS API. The browser or mobile application (on the device or
in the web browser) is not authenticated. All browser interaction with the Cloud CMS API first hits a controller
on the Application Server and the Application Server makes calls back to the Cloud CMS API on the client's behalf.

Domain Selection

By default, the authentication services will run against the "principals" Domain of your Application's Stack. Your
application is identified in your gitana.json file by setting the application property to the ID of the
application. Your application needs to be assigned to a Stack. And the Stack should have a Domain assigned to it
with the key principals.

Login

Your mobile or web application should present a form that collects at minimum two pieces of information:

  • username - the login name for the user
  • password - the password for the user

At minimum, these properties should be form POSTed as application/x-www-form-urlencoded to:

POST /login

You may optionally provide the following parameters to help drive navigation as a result of the login operation:

  • successUrl - the URL to redirect to if the login succeeds
  • failureUrl - the URL to redirect to if the login fails

If either of these aren't available, the redirection scheme will default to taking the user back to the same page.

Logout

To logout, simply point the browser to the following URL:

GET /logout

You may optionally provide the following parameters to handle the result of the logout operation:

  • redirectUri - the URL to redirect to once the logout completes

Logging out means that that the Node.js session will be terminated. The user will be logged out and their Cloud CMS
API OAuth access token will be expired. In other words, they user is logged off of the Node.js application and the
Cloud CMS API all in one fell swoop.