John Senthil wrote in post #1011816:
> Hi,
> My application has an API server which supports an rails application and
> an iPhone application, I am confused how to authenticate the api
> requests, wether I have to generate some API tokens for every user and
> send it with each request and I don't know how to use the access/secret
> keys for authentications.
There are likely a few ways you could handle this. However, given this
is an iPhone app, NSURLConnection has full support for HTTP cookies, so
you could authenticate the user exactly like a browser would. That is by
sending the username and password to the sessions controller (over
HTTPS, of course).
Once authenticated NSURLConnection will send the session cookie back to
the server with every subsequent request. This could be completely
transparent to the user of the device. That is once they sign in for the
first time at which point the iPhone app stores their login credentials
in the secure keychain. If you get a session timeout then
re-authenticate with the username/password stored the keychain.
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
No comments:
Post a Comment