我建立与iOS和Android版本的应用程序。我要创建或实施一个现有的REST认证处理，可用于通过这两个应用程序。我知道我能做到这一点的，简单的得到服务，但该会通过密码明文。是否有处理认证的移动应用程序的任何API？

I am building an app with an iOS and Android version. I want to create or implement an existing REST authentication process that can be used by both apps. I know that I can accomplish this with a simple Get service but this would pass the password in the clear. Is there any API that handles authentication for mobile apps?

我不希望使用OAuth，因为我不希望用户必须采取有允许访问他们的数据的额外步骤。我希望用户能够无缝地输入用户名和密码，就像我所使用的大多数移动应用程序进行身份验证。

I don't want to use OAuth because I don't want the user to have to take the extra step of having to allow access to their data. I want the user to seamlessly enter a user name and password and be authenticated like in most mobile apps that I have used.

推荐答案

如果你确定你不希望像OAuth的东西，那么你只需要两样东西：

If you're sure you don't want anything like OAuth then you just need two things :

1）只有HTTPS - 这prevents用户名：密码被截获（容易）

1) https only - this prevents username:passwords being intercepted (easily)

2）POST URL发送用户名：密码

2) A POST URL to send the username:password to

POST是很重要的！如果它只是得到那么用户名和密码将被存储在你的服务器日志，并请求可能会被缓存。

POST is important! If it was just GET then the username and password would be stored in your server logs and the request might be cached.

您将定义了是这样的：

https://www.example.com/myaccount/login

与POST参数

with the POST parameters

username=deanWombourne&password=hunter2

然后，我会保存登录状态的服务器，该会议今后所有申请上的属性。

I would then store the logged in state as a property on the server for that session for all future requests.