I am making an API in Flask for a simple jQuery Mobile + PhoneGap app to be packaged and downloaded. As I understand, all the calls to the database should be made with JavaScript, AJAX, and JSON. Since the app is about the user, and all of the views draw data from the logged-in user, I am not sure how to proceed with the authentication. As I understand, the workflow should be:
- user logs in (json encoded username and password)
- server generates token with expiration (i.e. 24h) for that user
- this token is saved on the mobile app as a cookie or in localStorage
- all of the calls to the server are done with this token, which identifies the current user: `/api/token=12345`
- when the token expires, a new login prompt is required
I thought of implementing this with Flask-Security's authentication token. Is there a more straightforward way of accomplishing this?
Flask-JWT seems like a pretty straight-forward solution.
Then on the front end you can just add an HTTP interceptor to add `X-Auth-Token` to the headers or something.
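The workflow from the question (login issues a token with a 24h expiry, every later call carries the token, an expired token forces a new login) as an added, self-contained example; it is not code from the question, the answer, Flask-Security or Flask-JWT. It uses only the standard library (an HMAC-signed token instead of a real JWT library, a constructed in-memory user store, and a dict standing in for request headers) and takes the token from the `X-Auth-Token` header the answer suggests rather than from the URL, since query strings end up in server and proxy logs.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)   # constructed; load from config in a real app
TOKEN_TTL = 24 * 3600                  # 24h expiry, as in the question
_USER_SALT = b"constructed-salt"       # constructed; use a per-user random salt in practice


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user store: username -> salted password hash (never the plaintext).
USERS = {"alice": _hash_password("correct horse", _USER_SALT)}


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username, password, now=None):
    """Login step: check credentials, return 'payload.signature' or None."""
    now = time.time() if now is None else now
    stored = USERS.get(username)
    candidate = _hash_password(password, _USER_SALT)   # always hash, so timing is uniform
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    payload = json.dumps({"sub": username, "exp": int(now) + TOKEN_TTL}).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token, now=None):
    """Per-call step: return the username if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except ValueError:            # malformed token (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # tampered payload or forged token
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:              # expired: client must log in again
        return None
    return claims.get("sub")


def handle_api_request(headers, now=None):
    """Simulated protected endpoint reading the token from the X-Auth-Token header."""
    user = verify_token(headers.get("X-Auth-Token", ""), now)
    if user is None:
        return 401, {"error": "login required"}
    return 200, {"user": user}
```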