Bluemix Mobile App Security - User Authentication
There are 2 options available in the Bluemix documentation for user authentication with Mobile Application Security (MAS):
- Login to Google
- Work light signature
The documentation talks about the security token, how the MAS can check the security token and get user information.
In the event that I would like to use the Worklight input, does that mean that the mobile app needs to first authenticate to the Worklight server, which will generate the LTPA token for the session, and Bluemix can validate that LTPA token and retrieve the user information?
In this case, the mobile phone must first talk to the Worklight server before it can talk to Bluemix. But the Worklight server is local, so what's behind the cloud integration in Bluemix?
source to share
Yes, your mobile app will need to verify its server at work and obtain an authentication token before talking to Bluemix. First, you will need to implement the code to get the security token from the Worklight server. You will then be able to set a token with the provided SDK to pass in all HTTP request headers to Mobile Cloud services.
For MAS to validate the token, you need to upload the contents of the public key file from the Worklight server to the MAS dashboard.
More details can be found in this section here .
source to share