Authentication in iOS and Rails using Devise

Published in: Technology

Transcript of "Authentication in iOS and Rails using Devise"

  1. Authentication in iOS and Rails using Devise
  2. What is Authentication? Login using username / email + password from iOS. [optional] Account creation from iOS. Talks to the backend (Rails with Devise). Should do validations, prevent dup accounts, etc.
  3. Omfg there is no out-of-the-box solution. Some googling suggests HTTP Basic Auth. DON'T DO THIS!! Use an authentication token solution.
  4. Authentication Token (iOS, Rails): Send email and password using HTTPS. Respond with auth token. Send auth token for other requests, HTTP(s).
  5. Why Auth Token? Minimizes risk of password being compromised since it's never persisted on iOS. You can revoke the auth token at any time from your backend.
  6. General Tips: Use SSL at a minimum for the initial authentication part. Auth token in the query string http://yoursite/private_cat_photos?auth_token=asdf Or store in an HTTP cookie (optionally with the "secure" flag set).
  7. iOS Tips: Don't store the password on the device!! Store auth token (and email if you care) in NSUserDefaults or use the iOS Keychain Services. AFNetworking is a nice wrapper on built-in technologies. Self-signed certs are annoying, a few ways to handle this, either use a compile flag, or you may need to subclass AFHTTPClient.
  8. G*d*mit Devise doesn't play nice with APIs. If you try to use the Devise built-in controllers, you'll notice it will try to HTTP redirect your API calls (WTF). You'll need to do some massaging…
  9. Standard Devise Massaging 1/2. Migrations: User model:
  10. Standard Devise Massaging 2/2. devise.rb: application.rb: routes.rb:
  11. Other Devise Massaging. On your controllers needing authentication: Don't do this!:
  12. Non-Trivial Devise Massaging. User registration is more annoying, you'll probably want to do a custom solution like copy and paste Devise functionality as needed. SSL Pinning
  13. Done
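
The token flow from slides 4 and 5 (log in with email and password, get a token back, present the token on later requests, revoke it from the backend), as an added example that is not code from the slides or from Devise. The `TokenAuth` class and its method names are hypothetical, PBKDF2 from Ruby's standard library stands in for the password hashing a Rails backend would do, and keeping only a SHA-256 digest of the token server-side is a choice of this example.

```ruby
require "securerandom"
require "openssl"
require "digest"

class TokenAuth # hypothetical in-memory stand-in for the Rails users table
  ITERATIONS = 20_000 # assumption: kept low so the example runs quickly

  def initialize
    @users = {} # email => { salt:, pw_hash:, token_digest: }
  end

  # Account creation; refuses duplicate e-mail addresses.
  def register(email, password)
    return false if @users.key?(email)
    salt = SecureRandom.random_bytes(16)
    @users[email] = { salt: salt, pw_hash: kdf(password, salt), token_digest: nil }
    true
  end

  # Login: check the password, issue a fresh random token, keep only its digest.
  def login(email, password)
    user = @users[email]
    return nil unless user && secure_compare(user[:pw_hash], kdf(password, user[:salt]))
    token = SecureRandom.urlsafe_base64(32)
    user[:token_digest] = Digest::SHA256.hexdigest(token)
    token
  end

  # Every later request: map the presented token to a user, or nil.
  def authenticate(token)
    digest = Digest::SHA256.hexdigest(token.to_s)
    email, = @users.find { |_, u| u[:token_digest] && secure_compare(u[:token_digest], digest) }
    email
  end

  # Backend-side revocation: the old token stops working immediately.
  def revoke(email)
    @users[email][:token_digest] = nil if @users.key?(email)
  end

  private
  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Constant-time comparison of equal-length strings.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The client only ever holds the value returned by `login`, so revoking it on the backend never requires touching the password.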