2

Fellow devranters, I need your help for a... NodeJS question... (and I won't bother asking the question on SO, because all the questions/answers I found won't work)

You see, this client we have says they want their app to be login-less; once the app starts, ir automatically knows who is the ldap user that 'logged' in the app.

I've been struggling with it for weeks, trying to use npm modules, retrieving info from process.env, and I'm sure it is completely impossible without at least providing a username.

So here I am, asking anyone out here who can answer me this question: is it possible to login without providing anything?

Comments
  • 0
    what app are we talking about?
    web app or mobile?
    Who is the user?
  • 1
    assuming you have a client app, an app on a server e.g. for storing data and a Windows environment, see node-sspi for the server and sspi-client for the client
  • 1
    @heyheni oops i forgot to tell that.
    It's supposed to be a webapp based on angularJS, and it will only be used by employees from said client, so they all exist in their ldap

    @NoMad well, I tried something like that by reading the process.env, but it only returns the info from the creator of the process.

    I even tried to access the windows registry to retrieve the current user's username, but nothing.
  • 0
    here some outside the box ideas...

    1. on the desktop computer the user downloads a piece of software once. Which functions as a virtual usb rights managment dongle which you adress via the WebUSB API.

    2. On Mobile the user has to enter at least his email or mobile number once and than your app creates an ultrasonic sound key. Which you can use to login on the smartphone and desktop computer (as long it has a microphone.)

    3. The Whatsapp / Telegramm Web way... scan a qr code.

    4. voice recgognition or other biometric data.

    when you create a pgp key there is a process where it reads your computer mouse movement and enviroment settings to create a unique key.
  • 0
    Banks often use pc keyboards with a chip card reader. That chip card is required to enter the building and unlock the employees computer and software.
  • 1
    @heyheni, your ideas are really good, but far beyond my experience level, and given that the client uses Windows, I'm going to check what @Noren said.

    Thanks a lot guys! ^^
  • 1
    You can sign a JWT token to each user and store it in the client's localstorage, sign the JWT token with no expiry set. You can login the user every time automatically, unless you delete the JWT token in the localstorage.
Add Comment