Stormpath Launches Client API to Simplify Mobile and Frontend Authentication

Stormpath, a provider of authentication, authorization, social login, and other user management related API services, recently launched a new Client API with the aim of simplifying mobile and front-end authentication and registration.

The new API complements Stormpath's backend-focused REST API, simplifying the development process for client-side and mobile application developers. In particular, the Client API conducts basic user registration and authentication without the need to pass an administrative key for each request.

The client API should be more suitable for use in micro-service or serverless architectures, according to Stormpath, since "you no longer have to host API endpoints to authenticate mobile and frontend clients, or add the operational overhead of hosting an authentication service."

Consequently, use of the client API reduces the amount of server-side code a developer must host to use the Stormpath API. However, it does not eliminate the need for server-side code, since access tokens must still be validated against Stormpath:

"With an access token from the Stormpath, your web services still need to authenticate and authorize the end user. The access token proves that the user has authenticated with the Client API, and just as always, you can use our helpers to validate the Stormpath access token and protect access to your API endpoints."

This provides front-end and mobile developers with a Stormpath-hosted login and registration system which includes social login options. Once a user has authenticated, the user's OAuth token can be passed from the client-side or mobile code to the developer's server-side API and then validated using the Stormpath REST API.

Combining the client API and existing Stormpath REST API eliminates the need for developers to recreate many of the common login, registration, and authentication routes in their server-side applications.

According to the current Stormpath Client API documentation, developers can perform the following actions via client-side code:

  • Authenticate an existing user and get back OAuth 2.0 tokens
  • Retrieve the current user's Account information
  • Revoke the user's OAuth tokens
  • Register a new user
  • Trigger the email verification workflow, as well as send a verification of that email
  • Trigger the password reset email, as well as send an updated password

Stormpath has provided basic SDKs and example code for Angular, React, a Rivet.js-based JavaScript Widget, as well as iOS (Swift and Objective-C) and Android (Java) for native mobile applications.