Reputation: 51
I have a client-server application. The server side runs on Django and the clients on Android devices (native application). The server offers a REST API built with Tastypie.
I'm trying to implement a login system. The clients are supposed to login before accessing the data.
My problem is that I can't find a way to send the password (not in plain text) and still be able to use the Django authentication framework.
My first idea was to build a custom Authentication class as explained here, but Django only stores the hash of each user's password and I can't validate any kind of hash. I could run the same hash function on the Android clients, but there's no implementation of the pbkdf2_sha256 hash function (I couldn't find one). Due to the tight schedule I have no time to implement it right now.
How does Django send the passwords in a login request? Plain text?
PS: I don't want to use SSL.
Thank you.
David.
Upvotes: 1
Views: 496
Reputation: 2816
My recommendation is to use a symmetric-key algorithm. Put the secret key on the Android device and in the Django application. Use it to decrypt in your Django application. AES or Blowfish is secure enough.
While checking the password, do not forget to use the user.check_password(password) method.
Upvotes: 1
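Added example (not code from the asker or the answerer): the question says no pbkdf2_sha256 implementation could be found, and the answer ends with user.check_password(). Django's stored hash is just `pbkdf2_sha256$<iterations>$<salt>$<base64 PBKDF2-HMAC-SHA256>`, so both halves can be shown with the Python standard library alone, without Django installed. The code below re-implements the encode/verify logic of django.contrib.auth.hashers.PBKDF2PasswordHasher; the iteration count, salt length and credentials are constructed for the demonstration, and `check_password` here is a stand-alone function, not the Django method of the same name. The last function shows the caveat a practitioner should weigh: if the client computes the same hash and sends it, the hash itself becomes the password equivalent and can be replayed by anyone who captured it, and a symmetric key shipped inside an APK can be extracted from it, so neither scheme replaces TLS.

```python
"""Django-compatible pbkdf2_sha256 hashing with only the standard library.

Added example: this is NOT code from the question or the answer. It mirrors the
encode/verify logic of django.contrib.auth.hashers.PBKDF2PasswordHasher so the
stored format can be inspected and verified without Django installed.
"""
import base64
import hashlib
import hmac
import secrets
import string

ALGORITHM = "pbkdf2_sha256"
# Constructed example value. Django raises its own default in most releases,
# so treat the iteration count as a per-hash parameter, never as a constant.
DEFAULT_ITERATIONS = 100_000


def make_salt(length=12):
    """Random alphanumeric salt, in the spirit of Django's get_random_string()."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def pbkdf2_bytes(password, salt, iterations):
    """Raw PBKDF2-HMAC-SHA256 output (32 bytes, the digest size, as Django uses)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt.encode("utf-8"), iterations)


def encode_password(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """Return the string Django stores: pbkdf2_sha256$<iterations>$<salt>$<base64 digest>."""
    if salt is None:
        salt = make_salt()
    if "$" in salt:
        raise ValueError("salt must not contain the field separator '$'")
    digest = base64.b64encode(pbkdf2_bytes(password, salt, iterations)).decode("ascii")
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt, digest)


def check_password(password, encoded):
    """Server-side verification, as user.check_password() does for this hasher.

    The iteration count and salt are read back out of the stored string, the
    candidate password is hashed the same way, and the two encodings are
    compared in constant time.
    """
    try:
        algorithm, iterations, salt, _digest = encoded.split("$", 3)
        iterations = int(iterations)
    except ValueError:
        return False  # not in the expected four-field format
    if algorithm != ALGORITHM or iterations < 1:
        return False
    candidate = encode_password(password, salt, iterations)
    return hmac.compare_digest(candidate.encode("ascii"), encoded.encode("ascii"))


def verify_client_hash(stored, client_hash):
    """The scheme the question considers: the client computes the same PBKDF2
    string (it must first be told the user's salt and iteration count) and sends
    that instead of the password. The server can only compare strings, so
    whatever string is accepted here is a password equivalent: a captured one
    replays just as well as a freshly computed one."""
    return hmac.compare_digest(stored.encode("ascii"), client_hash.encode("ascii"))


if __name__ == "__main__":
    # Constructed credentials for the demonstration.
    stored = encode_password("correct horse battery staple")
    print(stored)
    print("right password:", check_password("correct horse battery staple", stored))
    print("wrong password:", check_password("Tr0ub4dor&3", stored))
    # What an eavesdropper sees if the client sends the hash: a replayable token.
    _, iters, salt, _ = stored.split("$")
    on_the_wire = encode_password("correct horse battery staple", salt, int(iters))
    print("replayed token accepted:", verify_client_hash(stored, on_the_wire))
```

Run it once and paste the printed line into a Django user's `password` column: `user.check_password()` will accept it, because the format and the PBKDF2 parameters are exactly what Django's hasher expects. The Android side only needs `PBKDF2WithHmacSHA256` from javax.crypto to produce the same bytes, but, as `verify_client_hash` shows, doing so changes what the client transmits without changing what an attacker on the wire can do with it.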