我建立与iOS和Android版本的应用程序。我要创建或实施一个现有的REST认证处理,可用于通过这两个应用程序。我知道我能做到这一点的,简单的得到服务,但该会通过密码明文。是否有处理认证的移动应用程序的任何API?
I am building an app with an iOS and Android version. I want to create or implement an existing REST authentication process that can be used by both apps. I know that I can accomplish this with a simple Get service but this would pass the password in the clear. Is there any API that handles authentication for mobile apps?
我不希望使用OAuth,因为我不希望用户必须采取有允许访问他们的数据的额外步骤。我希望用户能够无缝地输入用户名和密码,就像我所使用的大多数移动应用程序进行身份验证。
I don't want to use OAuth because I don't want the user to have to take the extra step of having to allow access to their data. I want the user to seamlessly enter a user name and password and be authenticated like in most mobile apps that I have used.
如果你确定你不希望像OAuth的东西,那么你只需要两样东西:
If you're sure you don't want anything like OAuth then you just need two things :
1)只有HTTPS - 这prevents用户名:密码被截获(容易)
1) https only - this prevents username:passwords being intercepted (easily)
2)POST URL发送用户名:密码
2) A POST URL to send the username:password to
POST是很重要的!如果它只是得到那么用户名和密码将被存储在你的服务器日志,并请求可能会被缓存。
POST is important! If it was just GET then the username and password would be stored in your server logs and the request might be cached.
您将定义了是这样的:
https://www.example.com/myaccount/login
与POST参数
with the POST parameters
username=deanWombourne&password=hunter2
然后,我会保存登录状态的服务器,该会议今后所有申请上的属性。
I would then store the logged in state as a property on the server for that session for all future requests.