amrnt

Reputation: 1331

Understanding how to authenticate users from Android to Rails app

I have a rails application, and I authenticate users to the application using Devise.

The question is that I'm building an Android application and I want to understand what the flow of authenticating users on Android is, "the easy way". I read about Basic and Digest Auth.

For the API I use Grape (https://github.com/intridea/grape), which has Basic and Digest middleware for authentication.

I'm just wondering, should I have to store the email/password of the user in the Android app?

And should each request to the API attach the email/password of the user?

Also, what are my benefits of the auth headers in the authenticated response?

Upvotes: 1

Views: 685

Answers (1)

Chris Hart

Reputation: 2153

I would highly recommend NOT storing the password anywhere, and storing the username is also most likely unnecessary. Instead, look into the token_authenticatable feature in Devise shown in this blog example. What I would recommend doing is when the Android app user enters his/her username & password combo, you call a custom token authentication sign_in controller with what the user entered and return the token to the app. Then you can store the token in your app without worrying that the username/password may be compromised.

This gives you the flexibility for how frequently you want to regenerate the token, or to invalidate a token arbitrarily.

Upvotes: 7
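The flow recommended in the answer above, as an added stand-alone Ruby example that is not part of the original post and does not use Devise's own API: credentials are exchanged once for a random token, the server keeps only a hash of that token, and the token can expire or be revoked without touching the password. The class and method names, the 14-day lifetime and the PBKDF2 password hash (a standard-library stand-in for the bcrypt hashing Devise uses) are assumptions.

```ruby
require "securerandom"
require "openssl"
require "digest"

# Stand-alone sketch of the sign-in-for-token flow; TokenAuth, sign_in,
# authenticate and revoke are hypothetical names, not Devise or Grape APIs.
class TokenAuth
  TTL = 14 * 24 * 3600 # assumed token lifetime, in seconds

  def initialize
    @users  = {} # email => { salt:, hash: }
    @tokens = {} # SHA-256(token) => { email:, expires_at: }
  end

  def register(email, password)
    salt = SecureRandom.bytes(16)
    @users[email] = { salt: salt, hash: kdf(password, salt) }
  end

  # Called once, when the user types credentials into the app.
  # Returns an opaque token for the app to store, or nil on bad credentials.
  def sign_in(email, password, now: Time.now)
    user = @users[email]
    return nil unless user && secure_eq(kdf(password, user[:salt]), user[:hash])
    token = SecureRandom.urlsafe_base64(32)
    # Only the digest is stored, so a leaked token table cannot be replayed.
    @tokens[Digest::SHA256.hexdigest(token)] = { email: email, expires_at: now + TTL }
    token
  end

  # Called on every API request with the token the app stored.
  def authenticate(token, now: Time.now)
    entry = @tokens[Digest::SHA256.hexdigest(token.to_s)]
    return nil if entry.nil? || now >= entry[:expires_at]
    entry[:email]
  end

  # Server-side invalidation (logout, lost phone, suspected leak).
  def revoke(token)
    !@tokens.delete(Digest::SHA256.hexdigest(token.to_s)).nil?
  end

  private

  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
  end

  def secure_eq(a, b) # constant-time comparison of equal-length strings
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

On the device the token belongs in app-private storage and should only ever be sent over HTTPS, since anyone who holds it can act as the user until it expires or is revoked.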
