User authentication in mobile apps

Hi

We are developing an Android app that lets users/customers log in to an “account” and view real time data on their cellphones. To implement this I need some advice on what is the best practice for solving this.

1) Managing different users/clients:
We will most likely be using InfluxDB 2.0 Cloud hosted on Azure or AWS.
What is the best practice for segregating different clients/customers. Each customer has some data that is being constantly logged to a single bucket. Each client should only have read access to the measurements in that bucket.
Is it best to divide different clients into different organizations or is it sufficient to have one organization and several buckets?

2) User authentication/getting tokens:
At first we are developing for Android using Java and were thinking of using the Java API to query the database:

For each user we need to pass a token, org and bucket information.
This info must be obtained after a user login or similar. Does influx 2.0 cloud have some solution for authentication or must there be a separate authentication server?

If we need to have a separate authentication server, what is the best way to make, renew and send tokens from the influx server to the client app? Server side CLI script?

Or am I thinking all wrong? Is there another preferred solution?

Best regards
Thomas

Hello @Enmas,
Welcome!
Thanks for your question.

1. You can do either approach (org per client) or (bucket per client). There are advantages and disadvantages to both.

   You can’t scope tokens to specific measurements though, only to buckets.
2. You’ll either have to use the API, server side CLI script, or the Java Client to create tokens. See:
```java
package example;

import java.util.Arrays;

import com.influxdb.client.InfluxDBClient;
import com.influxdb.client.InfluxDBClientFactory;
import com.influxdb.client.domain.Authorization;
import com.influxdb.client.domain.Bucket;
import com.influxdb.client.domain.Permission;
import com.influxdb.client.domain.PermissionResource;
import com.influxdb.client.domain.BucketRetentionRules;

public class InfluxDB2ManagementExample {

    // Token with enough privileges to create buckets and authorizations
    private static char[] token = "my-token".toCharArray();

    public static void main(final String[] args) {

        InfluxDBClient influxDBClient = InfluxDBClientFactory.create("http://localhost:8086", token);

        //
        // Create bucket "iot-bucket" with data retention set to 3,600 seconds
        //
        BucketRetentionRules retention = new BucketRetentionRules();
        retention.setEverySeconds(3600);

        Bucket bucket = influxDBClient.getBucketsApi().createBucket("iot-bucket", retention, "12bdc4164c2e8141");

        //
        // Create access token to "iot-bucket"
        //
        PermissionResource resource = new PermissionResource();
        resource.setId(bucket.getId());
        resource.setOrgID("12bdc4164c2e8141");
        resource.setType(PermissionResource.TypeEnum.BUCKETS);

        // Read permission
        Permission read = new Permission();
        read.setResource(resource);
        read.setAction(Permission.ActionEnum.READ);

        // Write permission
        Permission write = new Permission();
        write.setResource(resource);
        write.setAction(Permission.ActionEnum.WRITE);

        // The authorization carries both permissions, scoped to this one bucket
        Authorization authorization = influxDBClient.getAuthorizationsApi()
                .createAuthorization("12bdc4164c2e8141", Arrays.asList(read, write));

        //
        // The created token can be used for reads and writes to "iot-bucket"
        //
        String token = authorization.getToken();
        System.out.println("Token: " + token);

        influxDBClient.close();
    }
}
```

From: GitHub - influxdata/influxdb-client-java: InfluxDB 2 JVM Based Clients

These blogs might interest you:

As well as this free webinar tomorrow to learn about how to build an IoT application on top of InfluxDB:
https://www.influxdata.com/resources/build-an-iot-app-with-influxdb-2/
Which covers this example:

And here is a simple IoT demo with python I wrote with multiple user sign up and authentication (which generates random data):
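Added example, not part of the original thread or of the influxdb-client-java project: a backend-side variant of the snippet above that issues a read-only token scoped to one existing customer bucket, which is what the question asks for. The class and method names, the environment variables `INFLUX_URL`, `INFLUX_ADMIN_TOKEN` and `INFLUX_ORG_ID`, and the bucket name `customer-42` are assumptions made for illustration.

```java
package example;

import java.util.Collections;
import java.util.List;

import com.influxdb.client.InfluxDBClient;
import com.influxdb.client.InfluxDBClientFactory;
import com.influxdb.client.domain.Authorization;
import com.influxdb.client.domain.Bucket;
import com.influxdb.client.domain.Permission;
import com.influxdb.client.domain.PermissionResource;

public class ReadOnlyTokenIssuer {
    // The only permission a customer token carries: READ on one bucket.
    static List<Permission> readOnly(String orgId, String bucketId) {
        PermissionResource resource = new PermissionResource();
        resource.setId(bucketId);
        resource.setOrgID(orgId);
        resource.setType(PermissionResource.TypeEnum.BUCKETS);
        Permission read = new Permission();
        read.setResource(resource);
        read.setAction(Permission.ActionEnum.READ);
        return Collections.singletonList(read);
    }

    // Hypothetical helper: the backend calls this only after its own login check passed.
    static String issueToken(InfluxDBClient admin, String orgId, String bucketName) {
        Bucket bucket = admin.getBucketsApi().findBucketByName(bucketName);
        if (bucket == null || !orgId.equals(bucket.getOrgID())) {
            throw new IllegalArgumentException("No bucket '" + bucketName + "' in org " + orgId);
        }
        Authorization auth = admin.getAuthorizationsApi()
                .createAuthorization(orgId, readOnly(orgId, bucket.getId()));
        return auth.getToken(); // send this to the app over TLS, never the admin token
    }

    public static void main(String[] args) {
        // Assumed environment variables; the admin token stays on the server.
        InfluxDBClient admin = InfluxDBClientFactory.create(
                System.getenv("INFLUX_URL"), System.getenv("INFLUX_ADMIN_TOKEN").toCharArray());
        try {
            // "customer-42" is a constructed bucket name.
            String token = issueToken(admin, System.getenv("INFLUX_ORG_ID"), "customer-42");
            System.out.println("Read-only token issued, length " + token.length());
        } finally {
            admin.close();
        }
    }
}
```

Because the token is scoped to a bucket and not to measurements, each customer needs a bucket of their own for this to separate their data.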