I have an iOS app that is using Facebook SDK to authenticate. Then I am able to use ubiquitous, schematic, and omniauth-facebook-access-token (via Air Force Network) to create a user on the server for that Facebook account.
Now I need a user of my iOS app capable of doing "a session" on the RoR server - I can do this by giving some information in the header or url for each request to be authenticated or I can use cookies when the API creates requests (normally JSON), then I need those requests that are in the context of the certified user.
What is the best practice to be a certified ROR user on iOS app in this situation?
Some options that come to mind:
- Maintain cookies on the client
- Send a piece of information for each API request at the top or Somewhere else (access_token? User_id?)
My concern is that I want to be able to add this code again without additional oauth2 authentication provider.
You need a token to authenticate the user, you can use the CSRF -Token should also be sent. Take a look at this, and see how CSRF is streamlined in its answer.
Comments
Post a Comment