for Starmaker's API we are now using the @restful decorator chained with a decorator we wrote that checks OAuth. all requests made by the client are OAuth signed requests. i'm sure you can use a similar method to use basic auth for the API calls, while leaving the regular auth decorators for the non-API calls.
(note that i'm not using phonegap so i don't have phonegap specific advice at this time) cfhj On Tuesday, July 31, 2012 9:23:17 AM UTC-7, Alec Taylor wrote: > > Practically just finished my little proof-of-concept social-network > backend (DAL+controller) & web-frontend (web2py views). > > Now I plan to make the mobile app with PhoneGap <http://phonegap.com>. > PhoneGap allows you to create native mobile-apps for 7 different mobile > platforms in HTML+JS+CSS. > > I plan on developing this frontend first by exposing JSONRPC methods > server-side—by decorating controllers—then interfacing with the API on the > client-side using JavaScript. > > Reading "web2py Application Development Cookbook", and on page 217 > (chapter 7) it tells me that to make authentication work for RPC calls I > need to break regular authentication methods. > > Is there a way to avoid this? — Note that I'm currently logging in using > the normal method, but will be using Facebook auth in production. > > Also, if there is a way to avoid rewriting the frontend from scratch that > will work with PhoneGap, please tell me. > > Thanks for all suggestions, > > Alec Taylor > --
