I am currently writing a backend for a service that has 3 clients: browser, native Android and native iPhone. I have small problems with the advent of the authentication system, since I do not know what really can be done on clients.
I am using django + twisted for the backend.
Basically, I'm going to write a RESTful API for clients on both phones to call.
Now the real question is: how do I come up with an authentication system?
I was thinking about using sessionids, this works very well with the browser, and I can use the integrated django app to do this.
However, I do not know if it is possible for iphone and android to get a unique session on the phone. Should I write an API call to distribute unique sessions?
If so, is it possible for me to use django authentication system since so many things are configured here? (I don't even use rdbms - I stick with mongodb, so I was on the verge of abandoning the django ftm authentication application).
I reviewed the fourth-graders API, and their basic auth method requires you to pass in the user:password in each header of the HTTP request. This adds 1 additional authentication for each call, which may seem excessive.
Please provide any advice you could give.