I am trying to determine if there is any specific authentication method that should be used, in addition to the traditional basic HTTP authentication that is offered with the Sorcery gem, given the fact that I want to authenticate users on various mobile platforms (Android, iOS, WP7 etc.)?
Thanks in advance.
EDIT At the moment, I decided to do the following:
- Log in using Sorcery
:http_basic_auth to a web service - If the login was successful, generates a token based on time and expiration time for the token
- Passing the token back to the client
- The client (Android, iOS, WP7, etc.) passes the token to the service with each request.
- The web service then uses the
auto_login Sorcery method to authenticate the user, and then passes the resource to the client
Also for added security and because the e-commerce site will work via SSL. Ultimately, I plan to implement some kind of OTP / OAuth method, but I will do it after testing. Hope this helps anyone looking for simple Rails authentication. Thanks for the help.
source share