13

Currently I have an rails 3 application which uses devise plugin for website authentication. But now I'll be adding an iPhone app as well so I will be exposing the api calls to the client device (iPhone). How would I implement auth module so that iPhone client can authenticate to the rails site and access some api?

Should I be creating a oauth provider, token base auth or simple http auth works?

ed1t
  • 8,719
  • 17
  • 67
  • 110

1 Answers1

8

In this situation, HTTP Basic authentication would work fine. If you'd like it to be more secure, you could create an OAuth provider and create your own implementation of Twitter xAuth to make it more user friendly. Essentially, you'd create an API call that would accept a username and password and then return an OAuth request token for that user. You'd store that request token on the iPhone and use it to authenticate subsequent requests.

Charlie Melbye
  • 120
  • 4
  • Could you post a code snippet of how a request in ruby code would go using the token? – Gotjosh Aug 12 '11 at 13:06
  • OAuth is a pretty complex topic so I'm simplifying this a lot, but essentially during the initial OAuth connection, you would generate an access token and store it in your database along with which user it belongs to. When you make a request to your API, you would provide the access token. Then, your service could look up who owns the access token and authenticate/authorize accordingly. Look up Ruby OAuth Provider libraries. – Charlie Melbye Aug 15 '11 at 04:42