2. What is Authentication?
Login using username / email + password from iOS
[optional] Account creation from iOS
Talks to the backend (Rails with Devise)
Should do validations, prevent dup accounts, etc.
3. Omfg there is no out-of-the-box solution
Some googling suggests HTTP Basic Auth. DON’T DO THIS!!
Use an authentication token solution
5. Why Auth Token?
Minimizes risk of password being compromised since it’s never persisted on iOS
You can revoke the auth token at any time from your backend
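The token scheme from this slide, as an added example (not code from the original deck and not Devise's own implementation): a plain-Ruby, in-memory stand-in for the backend. The class `TokenAuth`, its method names and the PBKDF2 password hashing are assumptions made for the sketch.

```ruby
require 'securerandom'
require 'openssl'
require 'digest'

# Added example: hypothetical in-memory stand-in for the backend's users table.
class TokenAuth
  ITERATIONS = 100_000 # PBKDF2 work factor chosen for this demo (Devise uses bcrypt)

  def initialize
    @users  = {} # email => { salt:, pw_hash: }
    @tokens = {} # SHA-256(token) => email; the raw token is never stored
  end

  # Account creation; rejects duplicate accounts.
  def register(email, password)
    raise ArgumentError, 'duplicate account' if @users.key?(email)
    salt = SecureRandom.random_bytes(16)
    @users[email] = { salt: salt, pw_hash: kdf(password, salt) }
  end

  # The password is sent once; the client keeps only the returned token.
  def sign_in(email, password)
    user = @users[email]
    return nil unless user && secure_eq(user[:pw_hash], kdf(password, user[:salt]))
    token = SecureRandom.urlsafe_base64(32) # 256 bits from the system CSPRNG
    @tokens[Digest::SHA256.hexdigest(token)] = email
    token
  end

  # Resolve the token sent with each API call to an account, or nil.
  def authenticate(token)
    @tokens[Digest::SHA256.hexdigest(token.to_s)]
  end

  # Server-side revocation: every copy held on a device stops working at once.
  def revoke_all(email)
    @tokens.delete_if { |_, owner| owner == email }
  end

  private

  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end

  def secure_eq(a, b) # comparison that does not stop at the first differing byte
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end
```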
6. General Tips
Use SSL at a minimum for the initial authentication part
Auth token in the query string: http://yoursite/private_cat_photos?auth_token=asdf
Or store in an HTTP cookie (optionally with the “secure” flag set)
7. iOS Tips
Don’t store the password on the device!!
Store auth token (and email if you care) in NSUserDefaults or use the iOS Keychain Services
AFNetworking is a nice wrapper on built-in technologies
Self-signed certs are annoying; there are a few ways to handle this: either use a compile flag, or you may need to subclass AFHTTPClient
8. G*d*mit Devise doesn’t play nice with APIs
If you try to use the Devise built-in controllers, you’ll notice it will try to HTTP redirect your API calls (WTF)
You’ll need to do some massaging…