B4J Question Verify Email on Mobile and continue session on web browser

[walterf25]

Hi everyone, not sure if I will be able to make sense when asking the following question.

I am working on an ABMaterial web app and I am using a firestore AuthRest API library to register new users, sign in existing users etc. When a new user creates a new account, I am using the sendEmailVerification method of that rest api, which basically sends an email to the user with an oobCode which needs to be verified.

What i'm trying to figure out is the following:
Let's say the user is creating a new account on their desktop web browser and they receive the email and open it from their mobile devices and they decide
to verify directly from the mobile device by cllicking on the link similar to the one below:

http://pawstracking.co/Pawstracking/CreateAccount/newaccount.html?mode=verifyEmail&oobCode=Ktqil9xW_WD3mcj6uuEomxP.....&apiKey=AIzaSy.....&lang=en

If the user clilcks on that link from his/her mobile phone, how can I consume the verified function on the desktop web browser?

Is this even possible? if so how can I catch this and send a parameter to the session on the desktop browser to go back to the login screen once the verifyEmail function has been performed?

Not sure if this makes sense, has anyone dealt with anything like this before?

Regards,
Walter

 

[MichalK73]

I did it this way:
1. registration window: email and password.
2.When he presses the register button he checks if the email is busy and if, for example, the password meets security standards.
3. generates a token (e.g. 8 characters) and writes it to the user table. Then I send an email template from B4X containing a link with an embedded token.
https://mysite/portal/register?token=generate_token and adds info that he can go to https://mysite/portal/register and enter the token manually.
4. when he clicks on the link an ABMaterial page opens which checks the parameters of the link, if there is a token variable it triggers a check if there is a token for any user in the database. If there is, it indicates that the account is confirmed and the token is deleted. If there is no token it builds a page that there is no such token to verify.
5. if the link itself and there is no parameter, it opens the page with a field to write a token for registration and button confirm.

The same is done for password reminders, etc.

 

[aeric]

I think the web app need to use websocket or timer to check/receive the verified status updated by the mobile.

 

[walterf25]

I think the web app need to use websocket or timer to check/receive the verified status updated by the mobile.

That is a very good idea @aeric, can you elaborate a little more on how the websocket would be used in this scenario?

My guess is I can query the Verified field in the database until it becomes True by using a timer, not sure if this would be an elegant solution but a solution nevertheless, how would you handle it?

Walter

 

[MichalK73]

After all, ABMaterial is based on websocket and session lifetime. ?

 

[aeric]

I don't use ABM or Websocket.
I guess the idea is to start a timer when the page loaded. When the time out reached 3 seconds an Ajax/javascript call a web service or API to check the status. Loop until reach a maximum time out or else keep retry.
I think timer is not required for Websocket.