Skip to main content
Version: v19 R8

Email authentication example

This authentication example provides a way to verify that an email comes from whom it claims to be from, and will allow to block harmful or fraudulent uses of email.


In short, the principle is the following:

1. Enable authentication

Select Authentication in the Publishing page to use a login form into your app. You can select the Default login page or install a custom login page.

authentication activation

2. Enter email address

An email is required when the app is launched. When a user enters their email and clicks on the Login button, the On Mobile App Authentication database method is called and the user's session status should be updated to a "pending" status. A validation email is then sent to the user.

When the validation email is available, the user only needs to click on the validation link. This will call the On Web Connection database method and update the user's session status from "pending" to "accepted".

5. and 6. Back to the app

Once the validation is done, the user can reopen their app and click on the Login button. The On Mobile App Authentication method is called again but this time, the user's session status is "accepted", so the access is granted.

Here is a snapshot of the whole sequence:


You can handle this sequence using a special component, or manually.

Using the 4D Mobile App Server Component

The 4D Mobile App Server component is a toolbox component developed to help you manage several common mobile features. It provides methods for authenticate email logins.

  1. Call the Mobile App Email Checker method from the On Mobile App Authentication database method with the information provided by the mobile application:
// On Mobile App Authentication database method

#DECLARE ($mobileInfo : Object) -> $result : Object
$result:= Mobile App Email Checker($mobileInfo)
  1. Call the Mobile App Active Session method from the On Web Connection database method with the Session ID parameter retrieved from the URL:
// On Web Connection database method

#DECLARE ($info : Text)
Case of
: (Mobile App Active Session($info).success)
//add log if you want
End case

It's as simple as that!

You will find more information in the Email Checker method documentation.

Without the Component

You can implement your own email authentication without using the 4D Mobile App Server component. Here a basic example:

  1. In the On Mobile App Authentication database method, write the following code:
// On Mobile App Authentication database method

#DECLARE($request : Object)->$response : Object
var $mail;$status : Object

// Create an email with an activation URL
$mail:=New object
$$ // email entered by the user on their smartphone
$mail.subject:="Login confirmation"
$mail.htmlBody:="<a href=\"https://myserverapplication/activation/"+$ \
+"\">Click Here to confirm your email.</a>\"<br>"

// Send mail
$smtp:=New object("host";"";"user";"";"password";"xxx")
$transporter:=SMTP New transporter($smtp)

// Configure response for the mobile app
$response:=New object

// Declare that the current session is being verified

// Check if the email was successsfully sent
If ($status.success)
//create a share object to contain our sessions, accessible from all processes
If (Storage.pendingSessions=Null)
Use (Storage)
Storage.pendingSessions:=New shared object
End use
End if

Use (Storage.pendingSessions)
//Add a session to our session lists
End use

$response.statusText:="Please check your mail box"
// Display an error message on the smatphone
$response.statusText:="The mail is not sent please try again later"
End if

  1. In the On Web Connection database method, write some code to activate the session after the user clicked on the link in the confirmation email.
// On Web Connection database method

#DECLARE($url : Text; $header : Text; \
$BrowserIP : Text; $ServerIP : Text; \
$user : Text; $password : Text)

var $token ; $session : Text
var $sessionFile ; $sessionObject : Object

If ($url="/activation/@")
End if

//get session from ID received from URL
If (Storage.pendingSessions#Null)
End if

If ($session#"")
//get session folder
$sessionFile:=Folder(fk mobileApps folder).folder($session).file($token)
$sessionObject:=JSON Parse($sessionFile.getText())
//update status value
$sessionFile.setText(JSON Stringify($sessionObject))
Use (Storage.pendingSessions)
//delete pending session
OB REMOVE(Storage.pendingSessions;$token)
End use

The MOBILE APP REFRESH SESSIONS command checks all mobile
application session files located in the MobileApps folder of the server,
and updates existing session contents in memory for any edited files.


WEB SEND TEXT("You are successfully authenticated")
WEB SEND TEXT("Invalid session")

End if

Remote url definition

By default, a remote server URL is defined in your Android app. In case the URL is not correct, the server will not be accessible. Therefore, to modify or update this URL, just make a long pressure on the icon in the login screen, or from the settings tab. Once you press the icon, a message is displayed with the remote url address and the server access status. You will then be able to edit the URL, authenticate successfully and access the server.

On iOS, you can edit the remote server URL from the iOS device Settings screen. You just need to check the "Reset server address" option to enter the correct server address.