BT

Stormpath Launches Client API to Simplify Mobile and Frontend Authentication

| by Benjamin Young Follow 1 Followers on Feb 20, 2017. Estimated reading time: 1 minute |

Stormpath, a provider of authentication, authorization, social login, and other user management related API services, recently launched a new Client API with the aim of simplifying mobile and front-end authentication and registration.

The new API compliments Stormpath's backend focused REST API, simplifying the development process for client-side and mobile application developers. In particular, the Client API conducts basic user registration and authentication without the need to pass an administrative key for each request.

The client API should be more suitable for use in micro-service or serverless architectures, according to Stormpath, since "you no longer have to host API endpoints to authenticate mobile and frontend clients, or add the operational overhead of hosting an authentication service."

Consequently, use of the client API reduces the amount of server-side code a developer must host to use the Stormpath API. However, it does not completely eliminate the need for server-side code altogether since access tokens must still be validated against Stormpath:

With an access token from the Stormpath, your web services still need to authenticate and authorize the end user. The access token proves that the user has authenticated with the Client API, and just as always, you can use our helpers to validate the Stormpath access token and protect access to your API endpoints.

This provides front-end and mobile developers a Stormpath-hosted login and registration system which includes social login options. Once authenticated, the authenticated user's OAuth token can be passed from the client-side or mobile code to the developer's server-side API and then validated using the Stormpath REST API.

Combining the client API and existing Stormpath REST API eliminates the need for developers to recreate many of the common login, registration, and authentication routes in their server-side applications.

According the current Stormpath Client API documentation, developers can do the following actions via the client-side code:

  • Authenticate an existing user and get back OAuth 2.0 tokens
  • Retrieve the current user's Account information
  • Revoke the user's OAuth tokens
  • Register a new user
  • Trigger the email verification workflow, as well as send a verification of that email
  • Trigger the password reset email, as well as send an updated password

Stormpath has provided basic SDKs and example code for Angular, React, a Rivet.js-based JavaScript Widget, as well as iOS (Swift and Objective-C) and Android (Java) for native mobile applications.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT