bluesclues9

Reputation: 121

AuthComponent for mobile (iphone) app development

We are building an iPhone App which will access our backend server using CakePHP 2.x.x

The client is an iPhone app using the iOS SDK. The server is using CakePHP 2.0.

We are able to create an HTTP POST for controller/action (users/login). This action is currently logging in using a standard database query and matching the user/password combination. This doesn't really use AuthComponent. What we want is to enable AuthComponent so that we can validate the session for each request. How can we use Auth for this type of mobile client application?

I have read through REST concepts etc., but still unclear how we can bring Auth into the scope of this mobile app communication.

Any references would be helpful. I am fairly new to the mobile arena, but I do have good knowledge of web development (browser based). In the case of mobile, we are using the native SDK for the mobile platforms.

-BC

Upvotes: 0

Views: 782

Answers (1)

Borislav Sabev

Reputation: 4866

First off, there is no difference in using the AuthComponent in a fully (desktop) web based solution or a mobile one - it just works as it would normally work. In your case you have the two application layers detached:

  1. Your server handles authentication, data retrieval, data customization and data transport.
  2. Your client handles data representation

Usually in Web Development there are two big concepts:

Authentication and Authorization. Authentication is making sure the user is who he claims to be - i.e. logging them in after they supply the right password. Authorization is making sure the logged in user has the right to access a given resource. The second thing can be achieved with different approaches and I am not going to dwell on it.

Out of the box Cake offers three different Authentication approaches:

  • FormAuthenticate
  • BasicAuthenticate
  • DigestAuthenticate

It is very well explained what these are in the links I provided. Now in your case you may want to consider using DigestAuthenticate, and definitely Digest over SSL please :). Of course you can go with FormAuthentication as well. However, also consider issuing tokens when logging users in and then using those tokens for the API calls. These should have a relatively low lifetime. This lifetime is up to you, but normally it is 10-15 mins. When a call is made and a token has expired, just create a new one for the user. This token system can be somewhat detached from the authentication system - i.e. a user may still have a session but his current token may have expired - so issue a new one. Be sure to validate these tokens against the user that is trying to access a piece of information in a given application area - so validate that the token is still valid and is in fact issued to and used by the same user.

Hope this helped a bit. I think you made a good choice going with REST as it provides a nice verb-based API structure.

Upvotes: 1
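The short-lived API token scheme the answer sketches (issue on login, expire after 10-15 minutes, reissue while the session is still alive, and always check that the token belongs to the user making the call), as an added example in plain PHP that is not part of the question, the answer, or CakePHP itself. The `TokenStore` class, `handleApiCall()` function, the 15-minute lifetime and the user ids are all constructed for illustration; in a CakePHP 2.x app the user id would come from `$this->Auth->user('id')` after AuthComponent has authenticated the request, and the in-memory array would be replaced by a database table. It needs PHP 7 or later for `random_bytes()`.

```php
<?php
// Added example (not from the question or answer): a minimal server-side
// token issuer/validator of the kind the answer describes, in plain PHP so
// it runs from the CLI (php tokens.php). Needs PHP 7+ for random_bytes().
// In a CakePHP 2.x app $userId would come from $this->Auth->user('id') once
// AuthComponent has authenticated the request (assumption: that is how you
// wire it in); the array store below would be backed by a database table.

class TokenStore
{
    const LIFETIME = 900; // 15 minutes, the upper end of what the answer suggests

    // token_hash => array('user_id' => ..., 'expires' => unix timestamp)
    private $rows = array();

    private function hashOf($token)
    {
        // Store only a hash so a leaked table does not leak live tokens.
        return hash('sha256', $token);
    }

    // Issue a fresh token bound to one user. Returns the raw token the
    // client must send back on every API call.
    public function issue($userId, $now)
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->rows[$this->hashOf($token)] = array(
            'user_id' => $userId,
            'expires' => $now + self::LIFETIME,
        );
        return $token;
    }

    // Check the token that arrived on a request against the user the request
    // claims to act for. Returns 'ok', 'expired', 'wrong_user' or 'unknown'.
    public function validate($token, $userId, $now)
    {
        $key = $this->hashOf($token);
        if (!isset($this->rows[$key])) {
            return 'unknown';
        }
        $row = $this->rows[$key];
        // The token must have been issued to the same user that is using it.
        if ((string)$row['user_id'] !== (string)$userId) {
            return 'wrong_user';
        }
        if ($now >= $row['expires']) {
            unset($this->rows[$key]); // expired tokens are dropped, never reused
            return 'expired';
        }
        return 'ok';
    }

    // Explicit revocation, e.g. on logout.
    public function revoke($token)
    {
        unset($this->rows[$this->hashOf($token)]);
    }
}

// Per-request handling: validate the token and, on expiry, hand back a new
// one to a user whose session is still alive (the detached behaviour the
// answer describes). Anything else is rejected with 401.
function handleApiCall(TokenStore $store, $token, $userId, $sessionAlive, $now)
{
    $state = $store->validate($token, $userId, $now);
    if ($state === 'ok') {
        return array('status' => 200, 'token' => $token);
    }
    if ($state === 'expired' && $sessionAlive) {
        return array('status' => 200, 'token' => $store->issue($userId, $now));
    }
    // Unknown token, token issued to a different user, or session gone.
    return array('status' => 401, 'token' => null);
}

// Constructed walk-through with a fixed clock so expiry is deterministic.
$store = new TokenStore();
$t0    = time();
$token = $store->issue(42, $t0);

var_dump($store->validate($token, 42, $t0 + 60)); // still within lifetime
var_dump($store->validate($token, 7, $t0 + 60));  // same token, other user

// Past the lifetime but the session is alive: a fresh token is issued.
$reply = handleApiCall($store, $token, 42, true, $t0 + 1000);
var_dump($reply['status'], $reply['token'] !== $token);

// A token the server never issued is rejected.
$reply = handleApiCall($store, 'bogus', 42, true, $t0);
var_dump($reply['status']);
```

The user-id check runs before the expiry check on purpose: a token presented by the wrong user should never trigger a reissue, even if it has expired. Passing `$now` in explicitly rather than calling `time()` inside the class keeps the expiry logic testable.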
