I was not precisely calling from a native Android or native IOS app. I was using a PhoneGap client, which is different. It is looks like a web browser but is not a browser client. PhoneGap can only use HTML5 storage unless you write a native Android / IOS PhoneGap extension/plugin. So my technique will work from almost any client platform, even from a Windows native client app for example as long as it uses HTTP.
Also, in my tracing of how web2py handles the client connection, I believe I found a few wrinkles in the sequence of events which needed to be handled specially in this case where the client is not a web browser. In your particular case, if you have cookies in the native client, then that is one less problem to solve, You probably just have to mimic the HTTP messages that a browser would send. On Tuesday, January 1, 2013 5:19:50 PM UTC-6, Mark Li wrote: > > Thanks for the responses, and Happy New Years to you guys too! > > dlypka, for your cookieless solution, it assumes that the client app can't > store/extract tokens? In the Google Android link above, it says that both > Android and iOS can read and extract the tokens/cookies. So when the > Android app calls the Web2py app, wouldn't it just pass in the cookie/token > and have Web2py verify it as it Web2py normally verifies session login > cookies? > > > > On Tuesday, January 1, 2013 9:07:16 AM UTC-8, Massimo Di Pierro wrote: >> >> :-) >> >> >> >> On Tuesday, 1 January 2013 10:45:47 UTC-6, dlypka wrote: >>> >>> Yes it is my New Year's Resolution to make time to put it in a Slice. >>> >>> On Tuesday, January 1, 2013 10:35:49 AM UTC-6, Massimo Di Pierro wrote: >>>> >>>> Perhaps this should go in a web2pyslice? >>>> >>>> On Monday, 31 December 2012 21:28:04 UTC-6, dlypka wrote: >>>>> >>>>> I developed a solution for this. >>>>> I posted it here: >>>>> https://groups.google.com/forum/?fromgroups=#!topic/web2py/YVYQHRJmcos >>>>> >>>>> Happy New Year! >>>>> >>>>> >>>>> On Monday, December 31, 2012 4:38:40 PM UTC-6, Mark Li wrote: >>>>>> >>>>>> I am currently trying to authenticate users on an Android app to my >>>>>> Web2py application. I am not comfortable implementing this on my own >>>>>> without some guidance/advice, as I'm worried about the security of the >>>>>> login information becoming jeopardized. >>>>>> >>>>>> >>>>>> I am following the guideline for authentication outlined by Google >>>>>> here: https://developers.google.com/accounts/docs/MobileApps >>>>>> >>>>>> Another outline of what how I'm trying to accomplish Authentication >>>>>> outlined here: >>>>>> http://stackoverflow.com/questions/7358715/authentication-model-for-android-application >>>>>> >>>>>> >>>>>> The first step, and my question, is how I would generate a token to >>>>>> return to the Android app after the user has successfully logged in. It >>>>>> is >>>>>> suggested that this token be in the same format to what Web2py uses for >>>>>> session login cookies, except with a 'mobile' flag indicating the token >>>>>> can >>>>>> only be used for API calls, and doesn't have the short lifespan of a >>>>>> browser session. >>>>>> >>>>>> Any help would be greatly appreciated, as I haven't read too much >>>>>> about authentication to web2py from an Android app. >>>>>> >>>>> --
