Web Services for iphone App

Hi all,

I am working on Rails 2.3.14. I am providing web services for an iPhone app through XML. My Rails app uses the authlogic gem for authentication. How do I authenticate an API call from an iPhone app?

Initially I am able to sign up and log in through an XML POST request. After login, how does my Rails app identify me as a logged-in user? Do I need to provide a token after login and use the token for further requests for an API call? I am a novice in this. Please suggest the best way to implement authentication for an iPhone app.

Thanks in advance....

One typical way is to use a combination of

  • https (to authenticate the server and encrypt the channel)
  • use “Basic Authentication” through this channel

Check e.g. curl -u/--user user:password as a way to test this. The user:password combination is sent with each request (but this is encrypted by using https).

In Rails the set-up of Basic Authentication is very simple (that is a “good thing”: less chance to make security errors).

Of course, you need an SSL certificate for your server to do this.

Since you say you are a novice, make sure you have your solution validated by a person with deep security experience before putting it in real production.

HTH,

Peter

Peter Vandenabeele

http://twitter.com/peter_v http://rails.vandenabeele.com

http://coderwall.com/peter_v
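What the Basic Authentication over HTTPS set-up described above involves on both sides, as an added example that is not part of the original thread and not Rails or authlogic code. It is plain Ruby with a Rack-style `env` hash; the account, salt, realm and the method names `kdf`, `basic_header`, `authenticate` and `api_call` are assumptions made for illustration.

```ruby
require 'openssl'

# Constructed sample data: one account, stored as a salted PBKDF2 hash,
# never as the plaintext password. Salt and iteration count are illustrative.
SALT = 'constructed-salt'
def kdf(password)
  OpenSSL::PKCS5.pbkdf2_hmac(password, SALT, 20_000, 32, OpenSSL::Digest.new('sha256'))
end
USERS = { 'alice' => kdf('s3cret') }

# What `curl -u user:password` sends in the Authorization header.
# Base64 is an encoding, not encryption: only HTTPS protects this value.
def basic_header(user, password)
  'Basic ' + ["#{user}:#{password}"].pack('m0')
end

# Byte comparison that does not stop at the first mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the authenticated user name, or nil for any malformed or wrong input.
def authenticate(header)
  scheme, payload = header.to_s.split(' ', 2)
  return nil unless scheme.to_s.casecmp?('basic') && payload
  user, password = payload.unpack1('m').split(':', 2) # password may contain ':'
  return nil unless user && password
  candidate = kdf(password)          # computed even for unknown users
  stored = USERS[user]
  stored && secure_compare(stored, candidate) ? user : nil
end

# Rack-style endpoint: env keys follow the Rack convention, no rack gem needed.
def api_call(env)
  # Credentials arriving over cleartext HTTP are readable on the path: refuse.
  return [403, {}, ['HTTPS required']] unless env['rack.url_scheme'] == 'https'
  user = authenticate(env['HTTP_AUTHORIZATION'])
  unless user
    return [401, { 'WWW-Authenticate' => 'Basic realm="API"' }, ['Unauthorized']]
  end
  [200, { 'Content-Type' => 'application/xml' }, ["<user>#{user}</user>"]]
end

if __FILE__ == $PROGRAM_NAME
  good = { 'rack.url_scheme' => 'https', 'HTTP_AUTHORIZATION' => basic_header('alice', 's3cret') }
  puts api_call(good).first
  puts api_call(good.merge('rack.url_scheme' => 'http')).first
end
```

Because the credentials travel with every request, the server checks them on every request and keeps no login state for the client.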

Have you tried just making the requests subsequent times? I haven't used authlogic specifically, but this works for me on my iPhone app, which uses old restful_authentication.

Usually when you do the initial login the auth system stores the user ID in the session, and then on subsequent requests it will "log in" by virtue of the session having the user ID. This session is (again usually) persisted by a cookie being passed back and forth (the name of it is set in config/initializers/session_store.rb for my rails 2.3.x app, it's the :key key of the hash sent to ActionController::Base.session). So as long as your iPhone app continues passing along this cookie with each subsequent request (which from my experience it does automatically), then your app will have the same session, which in turn has the user ID, which in turn logs in and authenticates that person.

The caveat(s) here are to make sure that authlogic is doing the login persistence in the session (it almost has to be if you have a web facing app that is of any use to someone logged in), and to make sure that the iPhone is sending the session cookie with each request.

Peter