I had a similar problem (authentication with Flash). I resolved the problem with a dirty hack:
http://www.5dollarwhitebox.org/drupal/node/106

1) First implement a token API (a unique big key you can send, which is a token of trust for the session => implies a token regeneration on each session logout).
2) Hack the 3 page login workflow (login + POST login + post_login) so that post_login gives you a token at the post_login (I did it in JSON).
3) Add an extra decorator to all controllers so that if the token is present (either as a JSON key or as a POST key) then load the User which has the corresponding token.

You can do it old school as a GET parameter (first argument). If you do webservices intensively, JSON rocks.

It is, as specified later in the discussion, easier however to attain the same goal by using a user agent (aka a lib that fetches webpages) supporting cookies.

Tokens however were unhappily required because Flash can't send file + data in multipart form encoded format, or maybe my Flash integrator was a fraud.

If I had to redo it, I'd go for the user agent that handles cookies. This exists in Perl/Python/Java/C/C++ (and not ? in AS3).

With the aforementioned trick, using a cookie-aware user agent after logging in will let you have your credentials, and calling a page controller/something.json will give you the returned dict.

I also have a hack for returning fragments (aka HTML without <body>).

Have fun, good luck

2011/9/9 Juan Antonio Ibáñez <[email protected]>:
> Hello!
>
> I have some apps running in Turbogears and I'd like to develop one
> API to be used from mobile frontend apps as Android. Which is the best
> design pattern for that? How is security usually implemented? Maybe
> passing user and passwd in each call?
>
> Regards
>
> --
> You received this message because you are subscribed to the Google Groups
> "TurboGears" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/turbogears?hl=en.
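The three steps in the message above, sketched as an added example; it is not part of the original post and does not use TurboGears APIs. The in-memory store, the function names and the `upload` controller are hypothetical, and the server keeps only a hash of each token so a leaked table cannot be replayed.

```python
import hashlib
import secrets
from functools import wraps

# Constructed in-memory store (assumption); a real app would use its user table.
_TOKENS = {}  # sha256(token) hex digest -> user name


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user):
    """Step 2: called at post_login; the return value is sent back as JSON."""
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    _TOKENS[_digest(token)] = user      # only the hash is stored server-side
    return token


def revoke_tokens(user):
    """Step 1: logout drops the token, so the next login gets a fresh one."""
    for key in [k for k, u in _TOKENS.items() if u == user]:
        del _TOKENS[key]


def user_for_token(token):
    """Return the user owning this token, or None if it is unknown."""
    if not isinstance(token, str) or not token:
        return None
    return _TOKENS.get(_digest(token))


def token_auth(controller):
    """Step 3: load the user when a token arrives as a JSON key or POST key."""
    @wraps(controller)
    def wrapper(params, json_body=None):
        token = (json_body or {}).get("token") or params.get("token")
        user = user_for_token(token)
        if user is None:
            return {"status": 401, "error": "invalid or missing token"}
        return controller(user, params)
    return wrapper


@token_auth
def upload(user, params):
    # Hypothetical controller standing in for the file-upload endpoint.
    return {"status": 200, "user": user, "file": params.get("filename")}
```

Passing the token as a GET parameter, as the message also mentions, puts it in access logs and Referer headers, so the POST or JSON form is the safer carrier.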

