Creating user account in client


#1

When creating a user Account, adminInterface should be use. I think this will be used when an admin will be the only one to create a user, but what if I have a Create new account feature in my android app that will let new users create their account? As of now , I don’t want to utilize the persona or facebook authentication process until I understand this.

I am thinking of sending a post request on /$DB/_user/ using the adminInterface in the android app but is this a good way? or are there any suggestion regarding user creation/registration.

Thank you for helping.


#2

Hello @JbalTero,

What will be some mandatory field requirements for when the user click on “Create new account” for your app?

How are you going to be creating your login?

Thanks,
William


#3

Write a server-side script that accepts create-user requests and calls the gateway admin API to create the user account.

I am thinking of sending a post request on /$DB/_user/ using the adminInterface in the android app

Do not do this. The admin port should never be reachable from the outside.


#4

When a user create new account, they will input their email, name, and password just like creating a user using adminInterface.


#5

Does this mean I’m going to create somewhat a REST api for adminInterface?
Like for example I’m going to create it using a simple node.js server.

Or is it really recommended to utilize persona and facebook authentication in a situation like this?


#6

Probably nothing as complex as a full REST API, but yes, you’d create an HTTP handler. Most likely a client would POST to a specific URL to create an account, passing the desired username as a parameter.


#7

Thank you for this.
I still don’t understand why is it not recommended to direct it to the adminInterface? is it for security reasons? or it will break on production?


#8

The admin interface is like “god mode”. It can do anything with no authentication. Exposing it to the outside world is like giving out your root password.


#9

Thanks. Everything’s clear :slight_smile: