ibm mobilefirst - Attaching cookie to WorkLight Adapter response header

Question

I am developing a mobile app using WorkLight 5.0.6 and I would like to attach a secure cookie to the response returned by an adapter.

We are not using a WorkLight Authentication realm because we do not wish to "bind" the session to a specific WL server in a clustered production environment. We authenticate the session by calling a sign-on adapter which authenticates the user details against a back end system. As part of the response from the sign-on adapter call I would like to create a secure cookie (http only) containing the authenticated information and attach it to the response returned from the sign-on adapter. The cookie should also be included in the header for subsequent Adapter made from the application call to the server.

Regards,

 Tom.

Answer 1

I would suggest trying to create a custom Worklight authenticator that communicates with your backend. Documentation for a custom authenticator can be found here:

http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v600/08_04_Custom_Authenticator_and_Login_Module.pdf

To answer your question, here is how I would approach it without using a custom authenticator:

• Make the adapter call to authenticate from the client

function authenticate(username, password){

  var invocationData = {
          adapter : 'authenticationAdapter',
          procedure : 'authenticate',
          parameters : [username, password]
  };

  WL.Client.invokeProcedure(invocationData, {
      onSuccess : authSuccess,
      onFailure : authFailure
  });     

}

• Get the cookie from the response on the client side and save it (I suggest saving using JSONStore which can also encrypt the saved cookie)

function authSuccess(response){
    console.log("Auth Success");
    var myCookie = response.invocationResult.responseHeaders.CookieName

    // Save cookie somehow
}

• On subsequent adapter calls, send the cookie from the client along with each request

function adapterRequestForProtectedResource(){

var mySecureCookie = getMyCookieFromLocalStorage();

  var invocationData = {
          adapter : 'protectedResourceAdapter',
          procedure : 'getResource',
          parameters : [mySecureCookie]
  };

  WL.Client.invokeProcedure(invocationData, {
      onSuccess : success,
      onFailure : failure
  });     

}

• On the adapter, set the cookie in the header

  function getResource(secureCookie) {

  // Secure cookie must be of the form:  "CookieName=cookievalue"
  
  var input = {
      method : 'get',
      returnedContentType : 'json',
      path : "/resource",
      headers: {"Cookie": secureCookie}
  };
  
  return WL.Server.invokeHttp(input);
  

  }