4

I would like to start working on an idea I have for an iPhone app, but I am having some issues on where to begin. I would like the app to be mostly used on the iPhone but have some functionality on the web app such as logging in and viewing things created from the iPhone app. I have started a Rails 3 app and would like to use this as my backend for the API/app.

I am confused as to how I should go about with an authentication system so that this app can work both as a web app and an API for an iPhone app.

I want to use OmniAuth for the login on the web and iPhone app because I only want users to log in with Twitter and/or FB, but I don't know how to authenticate requests once the user is logged into the iPhone app. I know some other gems like Devise allow for things like an API key authenticatable column that makes signing API calls easier, but I think it's way too bloated of an auth system to use.

Can anyone give me advice on how to go about making an authentication system that will work both as a web app and when authenticating over an API with an iPhone?

Thanks!

Danny

2 Answers

6

A few thoughts...

I would assume to just have the iOS app act similar to a web browser and send a persistent cookie along with each request like normal. This way, you can use standard authentication practices and also leave yourself open to releasing a web-based version of your app one day without having to overhaul everything.

So the workflow would be:

  • Get authentication information from user input and save securely in the Keychain to seamlessly log them in every time they open the app
  • Use something like Devise to do the Rails server-side authentication (i.e. don't reinvent the wheel)
  • POST the data to the server to create a new session
  • Receive the session information back from the server in the form of a cookie
  • Store the cookie in the iOS app
  • Send the cookie information back to the server with every request
  • If they log out, destroy the cookie and the keychain data you stored to create the cookie every time they opened the app

NSURLConnection provides a means to do much of this, and even sends any stored cookies along with the requests as long as you don't tell it not to. Here's an old SO post talking about some of this: Objective-C Asynchronous Web Request with Cookies

A few resources to help you along the way:

  1. Getting / storing / sending cookies: http://www.calaresu.eu/2011/06/01/using-cookies-with-cocoa-nshttpcookie/
  2. Good slideshow about iPhone with Rails: http://www.slideshare.net/maximeguilbot/rails-as-ios-application-backend
  3. Good for storing auth info in the Keychain on iOS: https://github.com/ldandersen/scifihifi-iphone
  4. Talking with the Rails app: http://restkit.org/ (and here's a rails example)

Hope that helps some!

iwasrobbed
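The session-cookie workflow from the first answer (POST credentials, receive a cookie, send it with every request, destroy it on logout), sketched server-side in plain Ruby as an added example that is not part of either answer. `SessionService`, the `_app_session` cookie name and the in-memory tables are assumptions standing in for Devise and the Rails session store.

```ruby
require "securerandom"
require "openssl"
require "digest"

# Added illustration: in-memory stand-in for the Rails users/sessions tables.
class SessionService
  COOKIE = "_app_session" # hypothetical cookie name

  def initialize
    @users = {}    # username => [salt, password hash]
    @sessions = {} # SHA-256(session id) => username
  end

  def register(username, password)
    salt = SecureRandom.bytes(16)
    @users[username] = [salt, kdf(password, salt)]
  end

  # POST /session: check credentials, answer with a Set-Cookie value (or nil).
  def login(username, password)
    salt, stored = @users[username]
    return nil unless stored && same?(stored, kdf(password, salt))
    sid = SecureRandom.hex(32) # random id, carries no user data
    @sessions[Digest::SHA256.hexdigest(sid)] = username # only the digest is stored
    "#{COOKIE}=#{sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
  end

  # Every later request: resolve the Cookie header to a user, or nil.
  def current_user(cookie_header)
    sid = sid_from(cookie_header)
    sid && @sessions[Digest::SHA256.hexdigest(sid)]
  end

  # DELETE /session: drop the server-side record so a copied cookie stops working.
  def logout(cookie_header)
    sid = sid_from(cookie_header)
    !sid.nil? && !@sessions.delete(Digest::SHA256.hexdigest(sid)).nil?
  end

  private

  def sid_from(header)
    header.to_s[/(?:\A|;\s*)#{COOKIE}=([0-9a-f]{64})(?:;|\z)/, 1]
  end

  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
  end

  def same?(a, b) # constant-time comparison of two equal-length hashes
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The client keeps only the `name=value` part of the `Set-Cookie` value and replays it as its `Cookie` header. Because the session lives server-side, logging out revokes it even if the app's stored copy was extracted earlier.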
0

When you look at iPhone apps like Slicehost or Rackspace, you usually input your username/password into the iPhone settings... so that will take care of authenticating there on the phone. Chances are, depending on what you are doing, you are going to ask your iPhone to talk to a database and return some JSON/XML that you'll parse into your app.

You can http_authenticate your call into your Controller, that would then get that information... this would just need to verify your user's username and password sent back to your 'rails' app.

But, do you envision an iPhone-only app viewing data or like images, ala Flickr or Twitpic? A gallery of objects, usually images, that get sent back maybe?

Personally, don't worry about 'bloat'. I'm just going to assume comments like that, combined with questions like this means you could be worrying about the wrong thing without really knowing what's going on. I apologize if you're Richard Stallman or something, in advance, but it had to be said.

pjammer