Hi, My application has an API server which supports an rails application and an iPhone application, I am confused how to authenticate the api requests, wether I have to generate some API tokens for every user and send it with each request and I don''t know how to use the access/secret keys for authentications. Please help me out -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
You can have a short-look at OAuth2 protocol, it''s simple but should have many implementations on ruby. Here is http://tools.ietf.org/html/draft-ietf-oauth-v2-20 really boring doc, but once you have read it, you''ll know everything about this secret/keys ;) On Jul 20, 9:58 am, John Senthil <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Hi, > My application has an API server which supports an rails application and > an iPhone application, I am confused how to authenticate the api > requests, wether I have to generate some API tokens for every user and > send it with each request and I don''t know how to use the access/secret > keys for authentications. > > Please help me out > > -- > Posted viahttp://www.ruby-forum.com/.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
John Senthil wrote in post #1011816:> Hi, > My application has an API server which supports an rails application and > an iPhone application, I am confused how to authenticate the api > requests, wether I have to generate some API tokens for every user and > send it with each request and I don''t know how to use the access/secret > keys for authentications.There are likely a few ways you could handle this. However, given this is an iPhone app, NSURLConnection has full support for HTTP cookies, so you could authenticate the user exactly like a browser would. That is by sending the username and password to the sessions controller (over HTTPS, of course). Once authenticated NSURLConnection will send the session cookie back to the server with every subsequent request. This could be completely transparent to the user of the device. That is once they sign in for the first time at which point the iPhone app stores their login credentials in the secure keychain. If you get a session timeout then re-authenticate with the username/password stored the keychain. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
http://s3.amazonaws.com/pragmaticstudio/iPhoneOnRails.pdf On Aug 1, 2011, at 10:07 PM, Robert Walker wrote:> John Senthil wrote in post #1011816: >> Hi, >> My application has an API server which supports an rails application and >> an iPhone application, I am confused how to authenticate the api >> requests, wether I have to generate some API tokens for every user and >> send it with each request and I don''t know how to use the access/secret >> keys for authentications. > > There are likely a few ways you could handle this. However, given this > is an iPhone app, NSURLConnection has full support for HTTP cookies, so > you could authenticate the user exactly like a browser would. That is by > sending the username and password to the sessions controller (over > HTTPS, of course). > > Once authenticated NSURLConnection will send the session cookie back to > the server with every subsequent request. This could be completely > transparent to the user of the device. That is once they sign in for the > first time at which point the iPhone app stores their login credentials > in the secure keychain. If you get a session timeout then > re-authenticate with the username/password stored the keychain. > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.