How to authenticate iOS/iPhone users with remote web application and re-use authentication ticket in future requests to the same web application? How to authenticate iOS/iPhone users with remote web application and re-use authentication ticket in future requests to the same web application? ios ios

How to authenticate iOS/iPhone users with remote web application and re-use authentication ticket in future requests to the same web application?


iphone objective-c ios ruby-on-rails-3 authentication

Using OAuth is pretty easy (well, easy is not the word...), but I made an iOS application and a java server that use OAUth as identity schema and, following the full cycle, finally I adquired a token that identifies this user and (as only can be accessed using signed requests) can be safely stored in the phone (I use just the standardUserDefaults to store it). Only your application (using the secret) can sign the requests.

I don't know if this serves to you...

Ah! After the identification via web, the browser redirect a special url (registered for my application) and the url opens my application including the token in its parameters, so it is easy to retrieve the token after the identification phase in handleOpenURL.

iphone objective-c ios ruby-on-rails-3 authentication

  1. Once the UIWebview has authenticated with said service, get it to load another URL (for example: through a javascript on the page which said service returns to after authentication).

  2. Capture this request using a UIWebViewDelegate object which implements the following protocol method:

    - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType

  3. From here you have the NSURLRequest object. You can extract the headers of the request to NSDictionary which will contain the authentication cookie details, token, etc. using the following method of NSURLRequest

    - (NSDictionary *)allHTTPHeaderFields

iphone objective-c ios ruby-on-rails-3 authentication

For my app this is what I'm doing.

My app is using devise with omniauth for login and user stuff.Devise by itself can generate a unique token, with the flag token_authenticatable.So on my login request, if the login is successful I reply with a JSON representation of my user and my user token. I save all that on the phone memory.

Then on every request I add the param auth_token=MY_USER_TOKEN.

And that's about it.

I had just a problem with the Facebook auth, because I'm using the Ios facebook SDK, so I forward the FB token to my app, verify it, and then just return the same devise auth_token for all following requests.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last