I tried building a Native Mobile App on Android which would plug itself on the Axelor’s REST WebServices but I couldn’t even pass the login phase…
Axelor uses session cookies, generated at the login phase, to authenticate the user. This is fine for a browser application, but unfortunately, this does not seem to work well with Native apps. Am I doing something wrong ? Did anybody tried that before ?
Is there any plan to implement an OAuth/XAuth authentication mechanism to complete the session Auth Services ?
You need to enable CORS support for preflight requests to allow mobile apps to call Axelor’s REST WebServices.
Here are the cors settings that should be added in application.properties file :
# CORS configuration
# ~~~~~
# CORS settings to allow cross origin requests
# regular expression to test allowed origin or * to allow all (not recommended)
#cors.allow.origin = *
#cors.allow.credentials = true
#cors.allow.methods = GET,PUT,POST,DELETE,HEAD,OPTIONS
#cors.allow.headers = Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
Set cors.allow.origin = * to allow all domains, or set to list of domains to allow (comma separated).
Thanks for the reply. I did see the CORS parameters in the documentation and have used it in other mobile applications, but the behavior right now did not seem to be caused by it so I must admit I did not tested it…
Just to be sure, I added the parameters and tested again. As I suspected, no changes…
I am an experienced Java Developer but I am fairly new to Mobile development so I might have some flaws in my understanding of how cookies are handled on native applications. Feel free to correct me if I’m wrong.
From my knowledge and what I found on other forums regarding Android, cookies work fine if you are building an Hybrid Application that bundles a browser and simply display web pages (like an Ionic app) or if you build a native app which is using a WebView, but it simply does not seem to work in a purely native app which simply calls a REST API.
That’s why most REST API now use token based authentication like OAuth since they work both with mobile apps and browsers.
For more details, I created a quick POC using NativeScript, so maybe the issue purely comes from the framework… but I have some doubts since I did not found any link describing how to handle cookies Android outside a WebView.
I might upload it to GitHub if that helps.
Do you have any knowledge of people building an Android App, not using WebView, and managing to consume the Axelor’s REST API ? Any Open Source project that I might look at ?
Also, I’m kind of thinking about contributing to the Open Source project and provide a simple REST API for OAuth authentication.
Could you pinpoint me where I should start to look in the source to add a new authentication mechanism and authentication verification ?