Authentication is the way Back4App backend handles adding users and allows them access to certain areas or endpoints of the app. The process of authenticating a user typically needs the following steps in a mobile app:

  • Sign Up: Provide a form for a user to enter credentials to create a new account.
  • Log In: Provide a form for a user to enter credentials to authenticate their identity and login into the app.
  • Save the Authentication Token when a user's credential verifies with the backend service. Authentication Token is received as a response from the REST API service and is used to make authenticated API requests.
  • Log Out: An action to reset authentication and return the client to an unauthenticated state.

📘

Implementing Authentication in a Draftbit app requires familiarity with features like Variables, Stacking Actions, Navigation Params, etc.

Learn more at what are the requirements when implementing a user authentication process in a Draftbit app at Intro to Authentication.

📘

Before diving in, please make sure you have created a Back4App backend. If not, please go through the Back4App

📘

Dev & Prod URLS

The Base URL parameter has been updated to give you the ability to set separate base URLs for Development and Production. When you publish your app, you can set which base URL to use, Dev or Prod. Read more about Environments

Back4App initial creates a User class to enable user authentication.

To connect it to Draftbit, the following headers are required to pass with each request:

  • X-Parse-REST-API-Key
  • X-Parse-Application-Id
  • X-Parse-Revocable-Session

You can find the values for X-Parse-REST-API-Key and X-Parse-Application-Id the APP Settings > Security & Keys section from the side menu. The value of these variables is stored in App Variables inside Draftbit. Check out the setup steps here.

The value for the header X-Parse-Revocable-Session is set to 1 when configuring the REST API service in Draftbit.

Lastly, add another variable to store the sessionToken value. Back4App requires a session token that is retrieved when a user either signs up for the first time or login. For sign up the endpoint /users is used and for login, the endpoint /login is used. Storing this sessionToken will allow fetching the logged-in user details.

Here is how App Variables when set, looks like in the Variables modal:

Here is an example of the Back4App REST API configured:

Sign up

To implement the signup process, you need to add the endpoint /users. Open the Back4App service you have previously created and follow the steps below:

  • Click Add Endpoint.
  • In Step 1: enter a name for the endpoint and select the Method to POST.
  • In Step 2: enter the base name as path: /users.
  • In Step 3: define the structure of the Body object that will be sent through the POST request. It's a JSON object that requires a key and a value. The key should associate with the name of the field in the Xano datatable. For the sign up route, here is how we have defined the body structure for this POST request:
{ 
  "username": {{signupUsername}},
  "email": {{signupEmail}}, 
  "password": {{signupPassword}} 
}

In the above snippet, use {{variable}} names to test the endpoint before using it in the rest of the app. You can provide test values for each of the {{variable}}. The more fields you have while signing up a new user in your app design, the more key and value pairs you can add to the Body structure.

Once you have created the body structure, click on the Body Preview to verify if the structure you have defined is valid to be sent with the POST request or not.

  • In Step 5: click the button Test. On success, the backend service will return an encoded sessionToken and an objectId.
  • Click Save.

A typical Signup screen (see the image below) will have a Button/Touchable component in its Components tree to send the API request.

Stacking Actions

When sending an API request to signup a user using the endpoint created in the previous step, you will need to stack the following actions on a Button/Touchable.

Following actions will be stacked on the Signup screen.

  • To add an action, select the Button/Touchable component from the Components tree.
  • Then, in the Properties Panel, go to the Interactions tab.
  • Click the + (plus) button to add an action.

Here is the description of each action:

1. API Request

API Request is used to send the POST request to the endpoint /users. It comes back with a session token from the REST API service. In the action:

  • Select the Service name.
  • Select the Endpoint. In this case, it's Signup.
  • Add a variable to store the Result Name. The variable assigned here will enable it to be used by subsequent actions. For example, signupResponseJson.
  • In the Body, select the appropriate Data Source property for each variable defined in the Body when setting up the endpoint, from the dropdown menu.

2. Extract Key: session token

Using the signupResponseJson value from the previous action, let's extract the sessionToken. In the action:

  • Select the value of the Input to be Result Name of the previous action. For example, signupResponseJson.
  • Add the Path value: .sessionToken.
  • Add the Result Name: sessionToken.

3. Conditional Stop

This action will stop the execution of any actions defined after it. It will check if the session token value is present or not and if not, the action will stop the execution. Useful to implement after handling errors (Check out this section on how to implement error handling.

In the action:

  • In Check value, select sessionToken from the dropdown and a transform function negate.

4. Navigate

This action helps a user whose account is created successfully (when the API request is successful) to navigate to another screen. For this example, we are navigating the user to the login screen to process authorization. You can decide to store the session token in an App Variable and then navigate the user directly to a screen that only authorized users or logged-in users can view.

  • In Destination, select the screen name from the dropdown menu.

Log in

To implement the signup process with Back4App REST API service, you need to add the endpoint /login. Open the service you have previously created and follow the steps below:

  • Click Add Endpoint.
  • In Step 1: enter a name for the endpoint and select the Method to POST.
  • In Step 2: enter the base name as path: `/login?username={{username}}&password={{password}}.

In the above path, using {{variable}} names to test the endpoint before using it in the rest of the app. You can provide test values for each of the {{variable}}.

  • In Step 4: click the button Test. On success, the backend service will return an encoded sessionToken.
  • Click Save.

A typical Log in screen (see the image below) will have a Button/Touchable component in its Components tree to send the API request.

Stacking Actions

When sending an API request to log in a user using the endpoint created in the earlier step, you will need to stack the following actions on a Button/Touchable.

Following actions will be stacked on the Login screen.

  • To add an action, select the Button/Touchable component from the Components tree.
  • Then, in the Properties Panel, go to the Interactions tab.
  • Click the + (plus) button to add an action.

Here is the description of each action:

1. API Request

API Request is used to send the GET request to the endpoint /login. It comes back with a session token from the REST API service in a JSON response body. In the action:

  • Select the Service name.
  • Select the Endpoint. In this case, it's Login.
  • Add a variable to store the Result Name. The variable assigned here will enable it to be used by subsequent actions. For example, loginResponseJson.
  • In the Body, select the appropriate Data Source property for each variable defined in the Body when setting up the endpoint, from the dropdown menu.

2. Extract Key: sessionToken

Using the loginResponseJson value from the previous action, let's extract the sessionToken. In the action:

  • Select the value of the Input to be Result Name of the previous action. For example, loginResponseJson.
  • Add the Path value: .sessionToken.
  • Add the Result Name: sessionToken.

3. Conditional Stop

This action will stop the execution of any actions defined after it. It will check if the auth token value is present or not and if not, the action will stop the execution. Useful to implement after handling errors. In the action:

4. Set Variable: Session Token

In the action:

  • In the Variable, select the App Variable assigned for Session Token from the dropdown menu.
  • In the Value, select the Action Result sessionToken extracted from the previous action.

5. Navigate

This action helps an authenticated user (when the API request is successful) to navigate to a screen that is only visible to authenticated users (for example, a Home screen). In the action:

  • In Destination, select the screen name from the dropdown menu.

Authenticated API Requests

The authenticated API request allows the user to access data from the backend service that is only available if an app user is logged in (authenticated). This means that with each request sent, the auth token as the value of the Authorization header is sent along.

Initially, when adding an authenticated endpoint, a real session token value is required to be passed as the Authorization header. It is recommended to save the actual session token value in the Global Variable to the point where you are creating the endpoint. You will get the session token from the Login session.

Once you have the token, save it in the App Variable as shown below:

To make an authenticated API request, the initial step is to add an endpoint to the API service.

  • Click Add Endpoint.
  • In Step 1: enter a name for the endpoint and select the Method to GET. (Depending on the API request you're sending, please make sure to set the HTTP method).
  • In Step 2: enter the base name as path: /users/me.
  • In Step 3: add the X-Parse-Session-Token header and set its value to the App Variable (which contains the session token).
  • In Step 4: click the Test button next to the Endpoint input to verify the response coming from the API service and then click Save.

In the example below, an authenticated API request of method type GET is constructed to get the logged-in user's data.

Using the Fetch component on the Home screen the above endpoint can be used to display the information.

Log out

When sending an API request to log in a user using the endpoint created in the earlier step, you will need to stack the following actions on a Button/Touchable.

Stacking Actions

Following actions will be stacked on the Logout Button.

  • To add an action, select the Button/Touchable component from the Components tree.
  • Then, in the Properties Panel, go to the Interactions tab.
  • Click the + (plus) button to add an action.

Here is the description of each action:

1: Set Variable

In the action:

  • In the Variable, select the App Variable assigned for Session Token from the dropdown menu.
  • In the Value, add an empty string "".

2. Navigate

This action redirects the user to navigate to a screen that is only visible to non-authenticated users (for example, a Login screen). In the action:

  • In Destination, select the screen name from the dropdown menu.