[android-developers] RESTful webservice with auth for mobile application

Thu, 14 Mar 2013 07:03:31 -0700 

I have developed many stateless RESTful webservices for a mobile 
application in Java and they are working very well.

*For example:*

   - h t t p://.../api/coupon
   - h t t p://.../api/coupon/{id}
   - ...
   

Now, I have to extend these services because I have to send different data 
back to the mobile for every user. So I need to know on the server side 
which user try to get or set information. And I have to prevent the serve 
of unauthorized users.

*There are two different way how user can login into the mobile 
application: *

   1. log in with facebook account
   2. log in with an application account
   

I need to develop two login and a logout services because the users who use 
the mobile application have to login into the application.

I read lots of article about auth and RESTful and OAuth.
I think I have to develop two login services with two imput parameters: 
username and password.

*For example:*

   - localLogin(String username, String password) -> token
   - facebookLogin(String username, String password) -> token
   

These logon services have to generate a same token and send it back to the 
mobile application in the http header. And after the login process the 
mobile client has a token. And the client has to send this token to the 
server when it makes a RESTful server call.


What do you think? Is my idea good?

If it is, could you help me how can I start to develop this in Java?

If it is not, could you tell me the good way?

Thank you.

-- 
-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-developers+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to