
I am developing an iOS app where I am having the user log in with a user ID and password. The current flow of events is as below:

1) User enters user id and password.

2) Clicking the login button calls a PHP webservice which authenticates the user and returns a 1 or a 0 based on login success or failure.

Now, I want to make an update to my PHP login webservice so that it can return an authentication token to iOS after the first successful login. I would then like to store this token securely on my phone. Here are my questions:

1) Is there a standard algorithm for generating the authentication token? I am reading in some threads that the token should be an encryption of UDID+userid+timestamp but not seeing a concrete answer or example.

2) Once I receive the token on my phone, how do I securely store it in the keychain? I am planning to use SFHFKeychainUtils. Is there a way I can store my token using this? I googled a lot for storing authentication tokens on keychain/SFHFKeychainUtils but am not finding concrete answers. Do I just store it as a userid,token combination or is there a better way to accomplish this?

I would really appreciate your inputs.

Thanks,

Mike.

Vineet Singh
Mike G
  • re: question 2, think of SFHFKeychainUtils as a key-value storage where the username is the key and the password is the value. – Carl Veazey Mar 01 '13 at 05:11
  • @CarlVeazey - The technique you mentioned would work for storing passwords. Would the same technique work for storing authentication tokens too? In that case do I store tokens as a key value pair with userid being the key and token being the value? – Mike G Mar 01 '13 at 06:07
  • Not just for passwords - it works for any pair of strings where one is a key and one is a value. The method naming in SFHFKeychainUtils doesn't change that. Use whatever you think appropriate for your key, and the token as the value. If you need to support multiple users, then user ID might make sense, so call the method with user ID as username and token as password. – Carl Veazey Mar 01 '13 at 06:12

1 Answer


OAuth is the standard protocol for the authentication process. Check the oauth-consumer library. You can download it from this link.

Hasintha Janka
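For question 1, one common server-side pattern, shown as an added example that is not code from the question or the answer: issue a random opaque token from the OS CSPRNG instead of encrypting UDID+userid+timestamp, and keep only its SHA-256 hash on the server. The `TokenStore` class, its in-memory array (standing in for a database table) and the user ID `mike` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory store standing in for a database table
// (token hash => user id + expiry); constructed for this example.
final class TokenStore
{
    private array $rows = [];

    // Call only after the password check has succeeded.
    public function issue(string $userId, int $ttlSeconds = 86400): string
    {
        $token = bin2hex(random_bytes(32));        // 256 random bits, no user data inside
        $this->rows[hash('sha256', $token)] = [    // server keeps the hash, never the token
            'user_id'    => $userId,
            'expires_at' => time() + $ttlSeconds,
        ];
        return $token;                             // returned once to the app over HTTPS
    }

    // Returns the user id for a presented token, or null if unknown or expired.
    public function verify(string $presented): ?string
    {
        $key = hash('sha256', $presented);         // look up by hash, not by raw token
        $row = $this->rows[$key] ?? null;
        if ($row === null) {
            return null;
        }
        if ($row['expires_at'] < time()) {
            unset($this->rows[$key]);              // drop expired entries on sight
            return null;
        }
        return $row['user_id'];
    }

    // Logout or suspected theft: the token stops working immediately.
    public function revoke(string $presented): void
    {
        unset($this->rows[hash('sha256', $presented)]);
    }
}

// Constructed usage: issue, verify, reject a made-up token, revoke.
$store = new TokenStore();
$token = $store->issue('mike');
var_dump($store->verify($token));
var_dump($store->verify(str_repeat('0', 64)));
$store->revoke($token);
var_dump($store->verify($token));
```

The app would keep the returned string in the keychain as the comments above describe (user ID as key, token as value) and send it with each later request.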