my apologies for such a general question, but it's my first time to build the server backend for an iPhone application.
The simple use case is: when the user first starts the iPhone app, they are presented with a login screen where they can either login via Facebook, Twitter, or create an account manually. Once they do that, they can use the app as normal. The next time they start the application, the app shouldnt need to show the login screen.
On the backend, I need to create the server with Node.js and MongoDB. I noticed that there are authentication modules such as everyauth and passport.js. But my confusion is how to handle these authentication and sessions in general.
For instance, with Facebook, I know that there is a Facebook iOS SDK which can be used to authenticate the iPhone client. However, where should the authentication take place: on the iPhone or on the server? How is this common case usually handled? Thank you!
Actually it based on use case for your particular case I would suggest to handle that on server because it's much easier for you to handle authentication and session management on server with the help of passport.js
As you have mulpltiple way of authenticating user facebook, twitter and basic so rather to implement seprate libraries on client app instead use single library on server "passport.js" that supports all that three authentication strategies.
I am not sure about what framework you are using on server but I would like to suggest "Express" to use as framework as passport.js can easily integrate with express which makes session management quite easier.