
Recommended approach for designing login process

Hi,

I was reading through the forum and the documentation to figure out what the recommended approach is for providing a login (log in to the remote web application) feature and then persisting the information so that the widget can auto login the user next time around. I was able to find related information in different threads, but if possible I would like to get a high-level recommended design approach for the login process.
Following are my questions:

1. After providing a login screen for the user, and if the user is successfully authenticated against a remote web application, what is the recommended approach to store the login information on the TV which can be used to auto login the user next time they use the widget? Is the standard cookie the best thing to use, or one of the persistent storage features of the framework (app config / current app data / profile data)?

Please also mention why one option is preferred over other.

2. This might be a generic question and not specific to WDK, in general what is the best practice in persisting login related information - should it be just a unique ID, or the username / password itself or something else?

I think it will be really useful to have a topic under Development FAQ regarding recommended login design considerations.

-Saj

3 Replies
  • QUOTE (SajuP @ Feb 23 2011, 07:31 PM)
    1. After providing a login screen for the user, and if the user is successfully authenticated against a remote web application, what is the recommended approach to store the login information on the TV which can be used to auto login the user next time they use the widget? Is the standard cookie the best thing to use, or one of the persistent storage features of the framework (app config / current app data / profile data)?

    I would use either currentAppConfig or currentAppData. I would not use currentProfileData as data stored in that object could be overwritten by another widget in the profile if it used the same key.

    I wouldn't send anything in a cookie as that's completely insecure.

    QUOTE (SajuP @ Feb 23 2011, 07:31 PM)
    2. This might be a generic question and not specific to WDK, in general what is the best practice in persisting login related information - should it be just a unique ID, or the username / password itself or something else?

    If you have control over the development server, I would use token-based authentication. If not, I'd store the username/password in persistent storage.
  • QUOTE (Benjamin Toll @ Feb 24 2011, 02:04 PM)
    If you have control over the development server, I would use token-based authentication. If not, I'd store the username/password in persistent storage.


    By development server did you mean the remote web server?
  • QUOTE (SajuP @ Feb 24 2011, 07:19 PM)
    By development server did you mean the remote web server?

    Yes
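
The token-based approach suggested in the first reply, as an added example that is not part of the original thread or of the WDK: after one password login the remote web server issues a random token and keeps only its hash, and the widget persists that token instead of the username/password. `TokenServer`, `widgetLogin`, the `checkPassword` callback and the `Map` standing in for the widget's persistent storage are all hypothetical names.

```javascript
const crypto = require('crypto');

// Hypothetical server side: stores only SHA-256 hashes of issued tokens,
// so a leaked token table does not yield usable tokens.
class TokenServer {
  // checkPassword(user, password) -> boolean is the site's existing
  // credential check (assumed to exist; supplied by the caller).
  constructor(checkPassword, ttlMs = 30 * 24 * 3600 * 1000) {
    this.checkPassword = checkPassword;
    this.ttlMs = ttlMs;
    this.tokens = new Map(); // tokenHash -> { user, expires }
  }
  static hash(token) {
    return crypto.createHash('sha256').update(String(token)).digest('hex');
  }
  // Password login: returns a fresh random token, or null on failure.
  login(user, password, now = Date.now()) {
    if (!this.checkPassword(user, password)) return null;
    const token = crypto.randomBytes(32).toString('hex');
    this.tokens.set(TokenServer.hash(token), { user, expires: now + this.ttlMs });
    return token;
  }
  // Auto login: returns the user for a valid, unexpired token, else null.
  resume(token, now = Date.now()) {
    const entry = this.tokens.get(TokenServer.hash(token));
    if (!entry || entry.expires <= now) return null;
    return entry.user;
  }
  // Revocation, e.g. when the TV changes hands. Returns true if it existed.
  revoke(token) {
    return this.tokens.delete(TokenServer.hash(token));
  }
}

// Hypothetical widget side. `storage` is any get/set/delete store (a Map
// here, standing in for the widget's persistent storage).
function widgetLogin(server, storage, promptCredentials) {
  const saved = storage.get('authToken');
  const known = saved ? server.resume(saved) : null;
  if (known) return known;              // silent auto login
  storage.delete('authToken');          // drop stale or revoked token
  const { user, password } = promptCredentials();
  const token = server.login(user, password);
  if (!token) return null;
  storage.set('authToken', token);      // the password is never persisted
  return user;
}
```

A stolen or abandoned token can be revoked on the server without the user changing their password, which is not possible when the TV stores the username/password itself.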
