I am building an app with an iOS and Android version. I want to create or implement an existing REST authentication process that can be used by both apps. I know that I can accomplish this with a simple Get service but this would pass the password in the clear. Is there any API that handles authentication for mobile apps?
I don’t want to use OAuth because I don’t want the user to have to take the extra step of having to allow access to their data. I want the user to seamlessly enter a user name and password and be authenticated like in most mobile apps that I have used.
If you’re sure you don’t want anything like OAuth then you just need two things :
1) https only – this prevents username:passwords being intercepted (easily)
2) A POST URL to send the username:password to
POST is important! If it was just GET then the username and password would be stored in your server logs and the request might be cached.
You will ned up with something like :
with the POST parameters
I would then store the logged in state as a property on the server for that session for all future requests.