trantrongtri7993 | 2020-10-28 20:35:13 UTC | #1
I searched around on this topic but couldn't find much info. Does either of these two provide a framework to authenticate/authorize with user info stored on a cloud database (let's assume SQL kind)? While the app runs on a local machine, it requires authentication and user-based authorization. Storing user data on a local machine or local server is a no-go for me. Any sources of reading on this topic are very much appreciated.
martin | 2020-11-10 20:06:52 UTC | #2
Hi @trantrongtri7993 welcome to the forum. Sorry for the late reply, I've been overhauling the site a bit and missed this when it came in.
So there aren't any examples I can recommend (I've put a tutorial on this topic into the backlog) but the options you have depend on how secure you want to make the application.
1. simple login, have a check at startup to "login" against a remote server. If this fails, store this state and disable the UI in some way. This can either be entirely, or partially.
2. have a login against a server, but retrieve a key that unlocks certain code. In this case, you would be using the key to decode data (or code) that is required for the app to function. Without it, it simply won't work.
3. have a login, that once authenticated allows you to send work to the server. In this case the locked behaviour happens on the server.
(3) is the most secure, but adds costs for a server to run the (potentially heavy) workloads. (2) is pretty secure, in that without a key your app is useless. However, once decoded that data is in memory & the app can be hacked around this. (1) is the least secure, but will still be enough to deter most casual users. The choice (as always) is a cost/benefit decision for your use case.
In each case though the data storage (database, SQL, etc.) isn't really something your app should care about. Your authentication server should provide an API which your app can interact with -- this can be through HTTP requests.
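
An added sketch of option (3), not part of the reply above and not code from any project: the server side verifies the password, issues a short-lived token, and checks the user's role before doing the protected work, so the desktop app only ever holds a token. The `AuthServer` class, its method names, the `analyst` role, the iteration count and the token lifetime are all assumptions; the HTTP layer is left out, with each method standing in for one API endpoint.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed PBKDF2 work factor
TOKEN_TTL = 900        # assumed token lifetime in seconds

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AuthServer:
    """Stands in for the remote API; the desktop app never sees self.users."""

    def __init__(self):
        self.users = {}     # username -> (salt, hash, roles): the "cloud database"
        self.sessions = {}  # token -> (username, expiry timestamp)

    def add_user(self, username, password, roles):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash(password, salt), set(roles))

    def login(self, username, password):
        """Would be POST /login: returns a bearer token, or None on failure."""
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored, _ = self.users.get(username, (b"\0" * 16, b"", set()))
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, time.time() + TOKEN_TTL)
        return token

    def run_report(self, token, now=None):
        """Would be POST /report: the locked behaviour runs here, not in the app."""
        username, expiry = self.sessions.get(token, (None, 0))
        if username is None or (now or time.time()) >= expiry:
            return 401, "login required"          # not authenticated
        if "analyst" not in self.users[username][2]:
            return 403, "forbidden"               # authenticated, not authorized
        return 200, f"report for {username}"

if __name__ == "__main__":
    server = AuthServer()
    server.add_user("alice", "constructed-password", ["analyst"])  # sample data
    token = server.login("alice", "constructed-password")
    print(server.run_report(token))
    print(server.run_report("forged-token"))
```

Patching the client to skip its login screen gains nothing here, because every request is re-checked against the server's session table and role data.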