Login and Logout
The Application Server provides login and logout support for development teams that wish to store their users and
user account information inside of Cloud CMS Domains. Cloud CMS Domains are LDAP-like storage facilities for users,
groups, group memberships and more. They're not required, technically, since the Application Server can accommodate
other storage facilities (such as LDAP itself), but they're incredibly useful if you can use them since they
let you take advantage of user-scoped role-based authorities and permissions within Cloud CMS.
Under the hood, Express is used to manage user sessions. You're free to customize the way the underlying Express
sessions are managed but at the end of the day, it is Express and the Connect middleware that is relied upon to
manage session state and session tracking.
As such, when you login to the Application Server, you will see a connect.sid
cookie get written down which
contains the Node.js Connect Session identifier.
It is important to keep in mind that logging in to the Application Server means that the user's session (on the
Application Server) is authenticated to the Cloud CMS API. The browser or mobile application (on the device or
in the web browser) is not authenticated. All browser interaction with the Cloud CMS API first hits a controller
on the Application Server and the Application Server makes calls back to the Cloud CMS API on the client's behalf.
Domain Selection
By default, the authentication services will run against the "principals" Domain of your Application's Stack. Your
application is identified in your gitana.json
file by setting the application
property to the ID of the
application. Your application needs to be assigned to a Stack. And the Stack should have a Domain assigned to it
with the key principals
.
Login
Your mobile or web application should present a form that collects at minimum two pieces of information:
username
- the login name for the userpassword
- the password for the user
At minimum, these properties should be form POSTed as application/x-www-form-urlencoded to:
POST /login
You may optionally provide the following parameters to help drive navigation as a result of the login operation:
successUrl
- the URL to redirect to if the login succeedsfailureUrl
- the URL to redirect to if the login fails
If either of these aren't available, the redirection scheme will default to taking the user back to the same page.
Logout
To logout, simply point the browser to the following URL:
GET /logout
You may optionally provide the following parameters to handle the result of the logout operation:
redirectUri
- the URL to redirect to once the logout completes
Logging out means that that the Node.js session will be terminated. The user will be logged out and their Cloud CMS
API OAuth access token will be expired. In other words, they user is logged off of the Node.js application and the
Cloud CMS API all in one fell swoop.