I am currently writing the backend for a service which has 3 clients: browser, Android native and iPhone native. I am having a little trouble coming up with an authentication system since I don't know what can really be done on the clients.
I am using Django + Twisted for the backend.
Basically, I am going to be writing RESTful APIs to open up for the clients on both phones to call.
Now the real question is, how should I come up with an authentication system?
I have thought about using session IDs; this works very well with the browser and I can use Django's integrated app for that.
However, I don't know if it's possible for both the iPhone and Android to obtain a unique session ID on the handset. Should I write an API call to distribute unique session IDs?
If that's the case, is it possible for me to still use Django's authentication system since a lot of the stuff here is customized? (I am not even using an RDBMS - I am sticking with MongoDB, so I was on the verge of dropping Django's authentication app ftm.)
I have looked at Foursquare's API and their basic auth method requires you to pass in user:password in every HTTP request header. That adds 1 additional authentication each call, which can kind of seem excessive.
Please provide any kind of advice that you could give.
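The "API call that distributes session IDs" asked about above, as an added example that is not part of the original post: the password is checked once at login, and every later request is authenticated by looking up a random token instead. The in-memory dicts (standing in for a datastore such as MongoDB), the function names, the `Bearer` header scheme and the one-hour lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 3600  # assumed session lifetime, in seconds
USERS = {}      # constructed user store: username -> (salt, password_hash)
SESSIONS = {}   # constructed session store: sha256(token) -> (username, expires_at)

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _token_key(token):
    # Only a hash of the token is stored, so a leaked session store
    # does not hand out usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash_password(password, salt))

def login(username, password, now=None):
    """The only call that sees the password; returns a session token or None."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, (b"\x00" * 16, b""))
    # The hash is computed even for unknown users to keep timing similar.
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return None
    token = secrets.token_urlsafe(32)  # unguessable, identical for any client type
    SESSIONS[_token_key(token)] = (username, now + SESSION_TTL)
    return token

def authenticate(headers, now=None):
    """Per-request check: a store lookup, no password verification."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    entry = SESSIONS.get(_token_key(token))
    if entry is None:
        return None
    username, expires_at = entry
    if now >= expires_at:
        del SESSIONS[_token_key(token)]  # expired sessions are purged on use
        return None
    return username

def logout(headers):
    token = headers.get("Authorization", "").partition(" ")[2]
    return SESSIONS.pop(_token_key(token), None) is not None
```

A browser can carry the same token in a cookie while the native clients send it in the header; in both cases it should only travel over HTTPS.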