Thanks for the responses, and Happy New Years to you guys too! dlypka, for your cookieless solution, it assumes that the client app can't store/extract tokens? In the Google Android link above, it says that both Android and iOS can read and extract the tokens/cookies. So when the Android app calls the Web2py app, wouldn't it just pass in the cookie/token and have Web2py verify it as it Web2py normally verifies session login cookies?
On Tuesday, January 1, 2013 9:07:16 AM UTC-8, Massimo Di Pierro wrote: > > :-) > > > > On Tuesday, 1 January 2013 10:45:47 UTC-6, dlypka wrote: >> >> Yes it is my New Year's Resolution to make time to put it in a Slice. >> >> On Tuesday, January 1, 2013 10:35:49 AM UTC-6, Massimo Di Pierro wrote: >>> >>> Perhaps this should go in a web2pyslice? >>> >>> On Monday, 31 December 2012 21:28:04 UTC-6, dlypka wrote: >>>> >>>> I developed a solution for this. >>>> I posted it here: >>>> https://groups.google.com/forum/?fromgroups=#!topic/web2py/YVYQHRJmcos >>>> >>>> Happy New Year! >>>> >>>> >>>> On Monday, December 31, 2012 4:38:40 PM UTC-6, Mark Li wrote: >>>>> >>>>> I am currently trying to authenticate users on an Android app to my >>>>> Web2py application. I am not comfortable implementing this on my own >>>>> without some guidance/advice, as I'm worried about the security of the >>>>> login information becoming jeopardized. >>>>> >>>>> >>>>> I am following the guideline for authentication outlined by Google >>>>> here: https://developers.google.com/accounts/docs/MobileApps >>>>> >>>>> Another outline of what how I'm trying to accomplish Authentication >>>>> outlined here: >>>>> http://stackoverflow.com/questions/7358715/authentication-model-for-android-application >>>>> >>>>> >>>>> The first step, and my question, is how I would generate a token to >>>>> return to the Android app after the user has successfully logged in. It >>>>> is >>>>> suggested that this token be in the same format to what Web2py uses for >>>>> session login cookies, except with a 'mobile' flag indicating the token >>>>> can >>>>> only be used for API calls, and doesn't have the short lifespan of a >>>>> browser session. >>>>> >>>>> Any help would be greatly appreciated, as I haven't read too much >>>>> about authentication to web2py from an Android app. >>>>> >>>> --
