I am developing a Django-based web application with an Android client application. On the web side, authentication is performed using the session identifier stored in cookies (the default implementation is Django). But I can't figure out how to authenticate the user in the Android client. Available options are to go with the same session / cookies or tokens. Tokens can be OAuth or just plain tokens. The points that I can't understand are these:
- What is the problem with session authentication? Is it used for mobile applications?
- What are the benefits of using tokens over a session?
- If tokens, then should I use OAuth or just a simple token, since I do not plan to allow any third party to use the API?
- Should I also include a device identifier for authentication?
Please try to give an explanation with an explanation and, if possible, examples of what are the best practices and who uses what. I would also like to know what authentication mechanism is used by most companies such as Facebook, Twitter, Dropbox, Google, etc. for their Android applications (not third-party clients).