Web Services Mobile compatibility


I tried building a Native Mobile App on Android which would plug itself on the Axelor’s REST WebServices but I couldn’t even pass the login phase…
Axelor uses session cookies, generated at the login phase, to authenticate the user. This is fine for a browser application, but unfortunately, this does not seem to work well with Native apps. Am I doing something wrong ? Did anybody tried that before ?

Is there any plan to implement an OAuth/XAuth authentication mechanism to complete the session Auth Services ?


You need to enable CORS support for preflight requests to allow mobile apps to call Axelor’s REST WebServices.

Here are the cors settings that should be added in application.properties file :

# CORS configuration
# ~~~~~
# CORS settings to allow cross origin requests

# regular expression to test allowed origin or * to allow all (not recommended)
#cors.allow.origin = *
#cors.allow.credentials = true
#cors.allow.methods = GET,PUT,POST,DELETE,HEAD,OPTIONS
#cors.allow.headers = Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers

Set cors.allow.origin = * to allow all domains, or set to list of domains to allow (comma separated).



Thanks for the reply. I did see the CORS parameters in the documentation and have used it in other mobile applications, but the behavior right now did not seem to be caused by it so I must admit I did not tested it…

Just to be sure, I added the parameters and tested again. As I suspected, no changes…

I am an experienced Java Developer but I am fairly new to Mobile development so I might have some flaws in my understanding of how cookies are handled on native applications. Feel free to correct me if I’m wrong.

From my knowledge and what I found on other forums regarding Android, cookies work fine if you are building an Hybrid Application that bundles a browser and simply display web pages (like an Ionic app) or if you build a native app which is using a WebView, but it simply does not seem to work in a purely native app which simply calls a REST API.
That’s why most REST API now use token based authentication like OAuth since they work both with mobile apps and browsers.

For more details, I created a quick POC using NativeScript, so maybe the issue purely comes from the framework… but I have some doubts since I did not found any link describing how to handle cookies Android outside a WebView.
I might upload it to GitHub if that helps.

Do you have any knowledge of people building an Android App, not using WebView, and managing to consume the Axelor’s REST API ? Any Open Source project that I might look at ?

Also, I’m kind of thinking about contributing to the Open Source project and provide a simple REST API for OAuth authentication.
Could you pinpoint me where I should start to look in the source to add a new authentication mechanism and authentication verification ?

Best regards

Hello ?

No reply ??

I do not see the link with the current issue… would you mind explaining ?