I’m trying to determine if there is a specific method of authentication one should use besides the traditional basic HTTP auth that is offered with the Sorcery gem given the fact I would want to authenticate users on a variety of mobile platforms (Android, iOS, WP7 etc.)?
Thanks in advance.
EDIT
What I have decided to do for the time being is as follows:
- Login user with Sorcery’s `:http_basic_auth` to the web service
- If the login was successful generate a time based token and an expiration time for the token
- Pass the token back to the client
- Client (Android, iOS, WP7 etc.) passes the token to the service with each request.
- Web service then uses the `auto_login` Sorcery method to authenticate the user and then passes the resource back to the client
Also for extra security and due to the fact it’s an ecommerce site it will be running over SSL. I will eventually plan to implement some kind of OTP/OAuth method but will do that after testing. I hope this helps anyone else looking for simple Rails mobile authentication. Thanks for the help.
Even if you don’t use one of Sorcery’s modules, know that you can always implement your own auth strategy and log your user in with the `auto_login(user)` method. So you’re free to implement token-based auth, which I think would be the basic way for an API to communicate with your application.
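The token flow described in this thread, sketched as an added example that is not part of the original posts and is not Sorcery's own code. It assumes a random opaque token with a server-side expiry; `ApiTokenStore`, its in-memory hash and the 15-minute TTL are hypothetical stand-ins for a database-backed model.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for a tokens table
# (columns would be token_digest, user_id, expires_at).
class ApiTokenStore
  Record = Struct.new(:user_id, :expires_at)
  TTL = 15 * 60 # seconds; constructed value

  def initialize
    @records = {} # token_digest => Record
  end

  # Call after a successful :http_basic_auth login. The raw token is returned
  # once to the client; only its SHA-256 digest is kept server-side, so a
  # leaked table does not yield usable tokens.
  def issue(user_id, now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    @records[digest(raw)] = Record.new(user_id, now + TTL)
    raw
  end

  # Returns the user_id for a valid, unexpired token, otherwise nil.
  def verify(raw, now: Time.now)
    return nil unless raw.is_a?(String) && !raw.empty?
    key = digest(raw)
    rec = @records[key]
    return nil if rec.nil?
    if now >= rec.expires_at
      @records.delete(key) # purge expired tokens when they are presented
      return nil
    end
    rec.user_id
  end

  # Logout or suspected compromise: invalidate the token immediately.
  def revoke(raw)
    !@records.delete(digest(raw.to_s)).nil?
  end

  private

  def digest(raw)
    Digest::SHA256.hexdigest(raw)
  end
end

# In a Rails controller the result of verify would feed Sorcery, e.g.
#   user = User.find_by(id: store.verify(token_from_request))
#   user ? auto_login(user) : head(:unauthorized)
```

Send the token in a request header rather than in the URL so it stays out of server and proxy access logs.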