I would suggest trying to create a custom Worklight authenticator that communicates with your backend. Documentation for a custom authenticator can be found here:
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v600/08_04_Custom_Authenticator_and_Login_Module.pdf
To answer your question, here is how I would approach it without using a custom authenticator:
- Make the adapter call to authenticate from the client
function authenticate(username, password){
var invocationData = {
adapter : 'authenticationAdapter',
procedure : 'authenticate',
parameters : [username, password]
};
WL.Client.invokeProcedure(invocationData, {
onSuccess : authSuccess,
onFailure : authFailure
});
}
- Get the cookie from the response on the client side and save it (I suggest saving using JSONStore which can also encrypt the saved cookie)
function authSuccess(response){
console.log("Auth Success");
var myCookie = response.invocationResult.responseHeaders.CookieName
// Save cookie somehow
}
- On subsequent adapter calls, send the cookie from the client along with each request
function adapterRequestForProtectedResource(){
var mySecureCookie = getMyCookieFromLocalStorage();
var invocationData = {
adapter : 'protectedResourceAdapter',
procedure : 'getResource',
parameters : [mySecureCookie]
};
WL.Client.invokeProcedure(invocationData, {
onSuccess : success,
onFailure : failure
});
}
On the adapter, set the cookie in the header
function getResource(secureCookie) {
// Secure cookie must be of the form: "CookieName=cookievalue"
var input = {
method : 'get',
returnedContentType : 'json',
path : "/resource",
headers: {"Cookie": secureCookie}
};
return WL.Server.invokeHttp(input);
}
