| Table of Contents |
|---|
This article is still under development.
Where to find Security
Mobsted uses various built-in ways to authenticate your users into applications. This section can be accessed through either App's menu, magenta box ↓
...
NOTE 1 - the refresh token is all that really matters and all that really affects users. A n An access token is a "session" token and used for all the calls to the user data, but a refresh token is stored on a device and used to make only one call to the server - get a new access token. So when the access token expires, the system uses refresh to get the new access. But when the refresh token expires, a user can not receive a new access token, this user is taken to the authentication page.
...
The best way to do that in terms of security is to create 2 applications and cross-link them. One will be set to "anyone can use it" and the other will be "only after registration and authentication". One can hold common functionality and the other only available to registered users. Then just make links, say on some "account button" to an app with an "authentication" block turned on. Make sure that App Saving Widgets are active on both apps.
Overall possible combinations table
| Common Link | SMS/TXT Auth | Email Auth | External ID auth | PIN code | IP range | |
|---|---|---|---|---|---|---|
| Anyone without registration | ✓ | - | - | - | - | ✓ |
| Anyone after registration | ✓ | ✓ or | or ✓ | ✓ | ✓ | ✓ |
| Only those added by me | ✓ | ✓ or | or ✓ | ✓ | ✓ | ✓ |