I'm developing a mobile version of a web app that uses single sign-on. How do I use single sign-on in a native iPhone app?

A: 

The term "single sign-on" could mean a whole lot of different things, but here's how I handle user authentication on the apps I've been building.

First thing, if I've never seen them before, I require them to log in or register (more on that in a sec). Once they do that, on the web app, I generate a magic token and store it with their user record. I return that token as part of the HTTP response of the login/registration request, and I store it in NSUserDefaults.

From then on, I supply that token with every request, and use it to auth the user. If they ever submit anything to me without a valid token, I bounce them back through login/registration.

I don't delete it between launches of the app. When you come back to me later, you're still you unless you hit the "log out" button.

I can also let you log your phone out from the web app this way, just by zapping the auth token from the user database.

Now (this is the more later) I've been hearing about Apple rejecting apps because they require user registration up front. That hasn't become a big widespread thing, so I suspect it was just a blip, but there it is, it's a risk.

Dan Ray
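
The token flow described in the answer above, sketched from the server side as an added example (not code from the answer or from any real web app): a token is issued at login, checked on every request, and revoked to log the phone out. The `Authorization: Bearer` header, the in-memory dict standing in for the user table, and the choice to store only a SHA-256 hash of the token are assumptions made for this sketch.

```python
import hashlib
import secrets


def _digest(token: str) -> str:
    # Only the hash is stored, so a leaked user table does not yield usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class TokenStore:
    """In-memory stand-in for the web app's user table (hypothetical)."""

    def __init__(self):
        self._user_by_hash = {}  # SHA-256(token) -> user id

    def issue(self, user_id: str) -> str:
        """Run after a successful login or registration; the result goes in the response."""
        self.revoke(user_id)               # one live token per user record
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._user_by_hash[_digest(token)] = user_id
        return token

    def authenticate(self, token):
        """Return the user id for a valid token, else None."""
        if not token:
            return None
        return self._user_by_hash.get(_digest(token))

    def revoke(self, user_id: str) -> None:
        """The log-out button, or the web app removing the phone's token."""
        stale = [h for h, u in self._user_by_hash.items() if u == user_id]
        for h in stale:
            del self._user_by_hash[h]


def handle_request(store: TokenStore, headers: dict):
    """Return (status, body); a 401 tells the app to show login/registration again."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user_id = store.authenticate(token) if scheme == "Bearer" else None
    if user_id is None:
        return 401, "login required"
    return 200, f"hello {user_id}"
```

On the device, the Keychain is the usual home for a token like this; NSUserDefaults is written to an unencrypted plist in the app's container.
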
A: 

You basically want to save the credentials and then provide them to the request when needed by any authentication challenge.

http://iphonedevelopertips.com/networking/handling-url-authentication-challenges-accessing-password-protected-servers.html

I actually wrote a PhoneGap plugin to wrap a bunch of login/authentication functionality.

http://blog.clearlyinnovative.com/post/1012434483/phonegap-and-iphone-development

Aaron Saunders