@phantom64030X Let’s make sure we’re operating on the same set of assumptions:
(1) There is no central API provided by VEX.
(2) We are interfacing with https://vexforum.com/ through some sort of headless browser, akin to, say, phantom.js, in Node.js (in this case, phantom is a C++/C binding of Chromium)
(3) Because of 1 and 2, in order to log in, we will need to accept the account’s username and password in the app (at some point), and use our headless browser to “log in” the user.
When the user logged in, the server will send the user agent a session id which it can use in place of those credentials in the future, similar to an OAuth Token (to see your session id, open up the developer console in your web browser and enter
, the characters after
and before the semicolon is your token). However there is one key difference between an OAuth token and one of these session ids; they’re only valid for a certain period of time, 30 days in our case, IIRC (OAuth tokens must be manually revoked by the user). You know how every now and then, a little red notification at the bottom of your screen will appear, and you have to login again (even if you’re browser autofills the result)? That is your browser cookie expiring, requiring you to login to refresh the cookie. Now take a look at the Official Reddit App, it’s function is almost identical to what we’re try to do here (I’ve even registered r/vexforum in case the community would want a subreddit that mirrors the forums, via a bot). Regardless, when you log in using the Reddit App, you never have to reenter the password, and it doesn’t store the password on the device. How? It uses OAuth 2.0 (and has an actually API), as opposed to our options: imitating a browser. The only way to emulate an experience similar to that app would be to store the password (encrypted or not) on the device, or to require the user of the app to re-login every 30 days, which would not be a good experience.