Tutorial :Writing authentication system



Question:

I am currently writing the backend for a service which has 3 clients: browser, android native and iphone native. I am having a little trouble with coming up with an authentication system since I don't know what can really be done on the clients.

I am using django + twisted for the backend.

Basically, I am going to be writing RestfulAPIs to open up for the clients on both phones to call.

Now the real question is, how should I come up with an authentication system?

I have thought about using sessionids, this works very well with the browser and I can use django's integrated app for that.

However, I don't know if it's possible for both the iphone and android to obtain a unique sessionid on the handset. Should I write an API call to distribute unique sessionids?

if that's the case, is it possible for me to still use django's authentication system since a lot of the stuff here are customized? ( I am not even using a rdbms - I am sticking with mongodb, so I was on the verge of dropping django's authentication app ftm).

I have looked at foursquare's API and their basic auth method requires you to pass in user:password in every http request header. That adds 1 additional authentication each call which can kind of seem excessive.

Please provide any kind of advise that you could give.


Solution:1

You might look at digitally signed RESTful requests, such as what is done with Amazon S3.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »