this post was submitted on 06 Dec 2023
19 points (95.2% liked)
Lemmy Apps
4992 readers
1 users here now
A home for discussion of Lemmy apps and tools for all platforms.
RULES:
- No spamming
- Be nice and have fun
- Follow the general lemmy.world rules
An extensive list of Lemmy apps is available here:
Visit our partner Communities!
Lemmy Plugins and Userscripts is a great place to enhance the Lemmy browsing experience. [email protected]
Lemmy Integrations is a community about all integrations with the lemmy API. Bots, Scripts, New Apps, etc. [email protected]
Lemmy Bots and Tools is a place to discuss and show off bots, tools, front ends, etc. you’re making that relate to lemmy. [email protected]
Lemmy App Development is a place for Lemmy builders to chat about building apps, clients, tools and bots for the Lemmy platform. [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm the developer of a (still beta) mobile app for Lemmy and I don't have a backend, the credentials are inserted by the user in the app and are sent to the Lemmy instance they are using directly with no steps in between.
Instance name verification is done by just calling a public (non authenticated) API like the community list and seeing if this healthcheck passes, whereas authentication is done by the Lemmy instance itself which returns an error if the user does not exist or the password is wrong.
The login API provides a token, as explained by other devs in this thread, which is saved in the app database (but the database is encrypted with a key randomly generated on a per-install base on the device and local to that device only). This token is appended to the body (where specified) or auth header of the subsequent authenticated API calls, which are in turn encrypted too since it's HTTPS.