How to determine which user is making Rest requests from android application?

Question

I am trying to build a Spray REST Web server for my mobile application on android (Eventually Iphones too). Currently, I am wondering how to determine from the server side which user is making REST Method requests. After some research I am understanding that android's SharedPreferences or an OAuth protocol can be utilized to handle user authentication. Still I am unsure how to create the entire picture of "This user is requesting some information". The message responses will be in JSON text, should the request's be in JSON as well?

I greatly appreciate all of your help, eagerly awaiting responses.

Answer 1

You can send more info from client side when user send request, you include unique info (Android ID, Ads ID for example)

server.address/request?command=abc&uid=UID...

. Another way is read IP address of the user and manage it by session.

Answer 2

Currently, I am wondering how to determine from the server side which user is making REST Method requests.

The most adequate way to do this is to add auth layer to your server. There are many ways of how exactly you can do this, depending on security concerns you have to deal with.

Here is the list of auth schemes I would be looking into first of all:

• Http basic auth (most simple one, stick with it if you can)
• OpenID or OAuth (harder to implement, solves some problems that are out of scope of simply authenticating user. Note: OAuth is about authorization but can also be used to do authentication)
• home-gown auth (may be implemented on different network layers, lots of options here. Do not recommend going here unless you really need to).