If you want to make things easy you can use the same authentication/authorization system that TG has by default. Simply storing the cookies on your mobile application should suffice to make everything work.
For android you just have to create a cookie jar and pass it to each connection, while on iOS for example you can use ASIHTTPRequest which stores cookies by itself. This way you can just make a call to /login_handler and then you are authenticated. IF you want to create your own authentication API as the /login_handler url isn't really meant to be used as an api, you can take a look at http://stackoverflow.com/questions/4576486/turbogears-change-user-via-function-calls/6636220#6636220 and see how to authenticate an an user. 2011/9/9 Juan Antonio Ibáñez <[email protected]>: > Hello! > > I have some apps running in Turbogears and I'd like to develop one > API to be used from mobile frontend apps as Android. Which is the best > design pattern for that? How security is usually implemented? May be > passing user and passwd in each call? > > Regards > > -- > You received this message because you are subscribed to the Google Groups > "TurboGears" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/turbogears?hl=en. > > -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.
