Atma

Reputation: 29795

How to create REST authentication for iOS and Android mobile apps

I am building an app with an iOS and Android version. I want to create or implement an existing REST authentication process that can be used by both apps. I know that I can accomplish this with a simple GET service, but this would pass the password in the clear. Is there any API that handles authentication for mobile apps?

I don't want to use OAuth because I don't want the user to have to take the extra step of having to allow access to their data. I want the user to seamlessly enter a user name and password and be authenticated like in most mobile apps that I have used.

Upvotes: 3

Views: 7820

Answers (4)

Jonas Schnelli

Reputation: 10005

HTTPS is your first choice... if possible.

I recommend you look at Amazon's S3 auth: http://docs.amazonwebservices.com/AmazonS3/latest/dev/RESTAuthentication.html

Also look here.

Upvotes: 0

Achraf Almouloudi

Reputation: 746

Could you show us some of your code so we can get a better idea? It is now OK to use OAuth, as users are more familiar with this method and it is more secure without you having to use HTTPS, because there is a part of users (me too) who don't accept writing their password in non-official apps, so they may ignore you.

Upvotes: 0

deanWombourne

Reputation: 38475

If you're sure you don't want anything like OAuth then you just need two things:

1) https only - this prevents username:passwords being intercepted (easily)

2) A POST URL to send the username:password to

POST is important! If it was just GET then the username and password would be stored in your server logs and the request might be cached.

You will end up with something like:

https://www.example.com/myaccount/login

with the POST parameters

username=deanWombourne&password=hunter2

I would then store the logged in state as a property on the server for that session for all future requests.

Upvotes: 7

omermuhammed

Reputation: 7385

If you use a secure connection (HTTPS), sending username/password won't be an issue. Other things to think of are session timeout and session caching on the mobile devices, the security steps needed for that, intermittent network connectivity issues, etc.

Upvotes: 0
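
The login flow described in deanWombourne's answer, combined with the session timeout mentioned in omermuhammed's answer, sketched as an added example that is not part of any of the posts above. The function names, the `scheme` argument, the 15-minute timeout and the in-memory user and session stores are assumptions for illustration; the sample account is constructed from the parameters shown in the answer.

```python
import hashlib, hmac, secrets, time
from urllib.parse import parse_qs

SESSION_TTL = 15 * 60  # assumed idle timeout, in seconds

def _hash(password, salt):
    # Store a slow salted hash, never the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample user store: username -> (salt, password hash)
_SALT = secrets.token_bytes(16)
USERS = {"deanWombourne": (_SALT, _hash("hunter2", _SALT))}
SESSIONS = {}  # session token -> (username, last_seen); server-side state

def login(method, scheme, body, now=None):
    """Handle /myaccount/login. Returns (http_status, session_token_or_None)."""
    now = time.time() if now is None else now
    if scheme != "https":
        return 403, None   # never accept credentials over plain HTTP
    if method != "POST":
        return 405, None   # GET would leave the password in URLs, logs, caches
    form = parse_qs(body)
    user = form.get("username", [""])[0]
    password = form.get("password", [""])[0]
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    # Hash even for unknown users and compare in constant time
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, None
    token = secrets.token_urlsafe(32)  # opaque, unguessable session id
    SESSIONS[token] = (user, now)
    return 200, token

def session_user(token, now=None):
    """Return the username for a live session, or None if unknown or expired."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(token)
    if entry is None:
        return None
    user, last_seen = entry
    if now - last_seen > SESSION_TTL:
        del SESSIONS[token]            # expired: the app must log in again
        return None
    SESSIONS[token] = (user, now)      # sliding expiry on each request
    return user
```

The mobile app keeps only the returned token (in the platform keychain or keystore) and sends it with later requests, so the password leaves the device once per login.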
