Thursday, January 3, 2013

Symfony 2 WSSE pitfall

I was trying to build the authentication layer for my REST API using Symfony 2 and allow my mobile apps to consume the API. I stumbled across this article - How to create a custom Authentication Provider.

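The problem with this method is that the password must be stored in plain text in the server's database: to validate a WSSE token, the server recomputes the password digest from the nonce, the creation timestamp and the password, so it needs the password itself. This is not ideal in most situations.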

The alternative is to use HTTP Basic authentication over HTTPS. If you are building an iPhone/Android app that talks to a server, you can self-sign a certificate.
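The storage problem and the Basic-over-HTTPS alternative described above, as an added example that is not from the original post or from the Symfony article. It is plain PHP with no Symfony classes; the function names and the sample password are constructed for illustration, and nonce-replay and timestamp-window checks are left out.

```php
<?php
// Added illustration in plain PHP (no Symfony classes); all names and values are constructed.

// WSSE UsernameToken: PasswordDigest = Base64(SHA-1(nonce + created + secret)).
function wsse_digest(string $nonceB64, string $created, string $secret): string
{
    return base64_encode(sha1(base64_decode($nonceB64) . $created . $secret, true));
}

// Build the token a client sends; the secret itself never goes on the wire.
function wsse_token(string $secret): array
{
    $nonce   = base64_encode(random_bytes(16));
    $created = gmdate('Y-m-d\TH:i:s\Z');
    return ['nonce' => $nonce, 'created' => $created,
            'digest' => wsse_digest($nonce, $created, $secret)];
}

// Server check: recompute the digest from whatever the database holds for the user.
// (Nonce replay and timestamp-window checks are omitted to keep the focus on storage.)
function wsse_verify(array $token, string $stored): bool
{
    return hash_equals(wsse_digest($token['nonce'], $token['created'], $stored), $token['digest']);
}

$password = 'correct horse battery staple';   // constructed sample password
$token    = wsse_token($password);

// 1. Plaintext in the database: the digest can be recomputed, so WSSE works,
//    and a database leak hands out every user's password.
$plaintextOk = wsse_verify($token, $password);

// 2. Salted one-way hash in the database: the server cannot get back to the
//    password, so it cannot recompute the digest and a valid token is rejected.
$bcrypt   = password_hash($password, PASSWORD_BCRYPT);
$bcryptOk = wsse_verify($token, $bcrypt);

// 3. Basic auth over HTTPS: the client sends the password inside TLS, so the
//    server only needs password_verify() against the stored hash.
$basicOk = password_verify($password, $bcrypt);

var_dump(compact('plaintextOk', 'bcryptOk', 'basicOk'));
```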

Google recommends issuing a life-long token for the mobile devices.
