Registering Your Device

The Use Case is here: Register Device

Overall process

  • On the client, the presence of the Access Token is the primary determinant of whether registration has occurred. If the Access Token is absent, proceed down the Registration path.
  • Clearing the Access Token is a good way to trigger the app to go down the registration path.
  • The test of whether the Access Token is valid occurs on the back-end (Check Registration API).
  • Back-end test includes expiration; no expiration data is used on the client for determining whether a token is valid or not.
  • If the back-end doesn't validate the token and the client possesses a renewal token, renewal can be attempted to obtain a new access token, and the check tried again.
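
The decision flow above, sketched in TypeScript as an added example (not code from the ClueRide project). All names here (Observed, Backend, nextStep, resolveSession) are hypothetical, and limiting renewal to a single attempt is an assumption.

```typescript
// Hypothetical names throughout; Backend stands in for the real back-end calls.
type Step = "REGISTER" | "CHECK_BACKEND" | "RENEW" | "PROCEED";

interface Observed {
  accessToken: string | null;   // absent => go down the registration path
  renewalToken: string | null;
  backendValid?: boolean;       // undefined until the back-end has been asked
  renewalTried: boolean;        // assumption: renew at most once, then register
}

// Pure decision function. No expiration data is consulted on the client.
function nextStep(o: Observed): Step {
  if (!o.accessToken) return "REGISTER";
  if (o.backendValid === undefined) return "CHECK_BACKEND";
  if (o.backendValid) return "PROCEED";
  if (o.renewalToken && !o.renewalTried) return "RENEW";
  return "REGISTER";
}

interface Backend {
  checkRegistration(accessToken: string): Promise<boolean>; // Check Registration API stand-in
  renew(renewalToken: string): Promise<string | null>;      // null when renewal is refused
}

// Drives nextStep against a back-end; resolves to a validated token, or null (register).
async function resolveSession(o: Observed, api: Backend): Promise<string | null> {
  for (;;) {
    switch (nextStep(o)) {
      case "REGISTER":
        return null;
      case "PROCEED":
        return o.accessToken;
      case "CHECK_BACKEND":
        o = { ...o, backendValid: await api.checkRegistration(o.accessToken!) };
        break;
      case "RENEW": {
        const fresh = await api.renew(o.renewalToken!);
        // A renewed token is unverified until the back-end checks it again.
        o = { ...o, accessToken: fresh, backendValid: undefined, renewalTried: true };
        break;
      }
    }
  }
}
```

Clearing the stored access token before calling resolveSession sends the app straight to registration, matching the second bullet.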

Value provided

  • Verifying an Email Address to serve as Principal in both the ClueRide system and the BadgeOS system.
  • Allowing a short-lived and opaque "access" token to be established for identifying the session and sharing the identity information.
  • Sharing of sensitive information only occurs with trusted devices.

Topics

  • Registering other devices should be handled (FUTURE, but don't paint ourselves into a corner)

Auth0

Design Page for Auth0: Auth0 Design

Auth0 provides the following desirable features:

  • Works with Ionic apps
  • Passes back and forth an opaque and short-lived access token, unique for each user and session.
  • Provides Social Logins. (There is a limit of two, but Google and Facebook are good entry points).
  • Infrastructure and support for
    • handling multiple apps
    • logging attempts and failures

Device Identification vs Installation Identification

FUTURE items for the most part, but good to keep in mind:

  • Hardware ID is useful to confirm that the device is indeed the device we think it is, but this can't be used to completely determine the Member — the device may be wiped and then handed to someone else for their use. Need link between device ID (to tell when device has changed or allow multiple devices) and the Member's Principal.
  • Identify a given installation since a particular device may be wiped and then handed to someone else; don't want to think that the new user should be afforded the same identification as the previous user. Discussion conducted here: https://android-developers.googleblog.com/2011/03/identifying-app-installations.html
  • It does make sense to capture the information that is available in the Ionic Platform API: https://ionicframework.com/docs/api/platform/Platform/ within the database as part of registration:
    • Platform type: ios, android, etc
    • Platform form factor: height/width of display