Narrow Results
With the CodeRED Mobile Alert app – the nation’s most downloaded public safety notification app – OnSolve enables subscribers to receive these notifications directly to their mobile device whether at home, on the road, or traveling around the country.
By Price
By Category
By Operating System
- Web site Not provided
- Support web sitehttp://www.oasisthaimassage.com/
- Support e-mail Not provided
- Support phone Not provided
- The Rutts Cafe mobile app is your one-stop mobile resource for everything that is happening at Rutt's Cafe in Los Angeles. Rutt's offers the finest...10
- If you are interested in buying, selling, investing, relocating or a vacation home, then the Palm Springs Real Estate App is the perfect option for...10
- The Newport Coast Real Estate App is your mobile resource for Team Kiwi Real Estate Group. Team Kiwi specializes in buying and selling real estate...00
- The Green Olive Restaurant App is your mobile resource for accessing information about The Green Olive Restaurant, located in Rancho Dominguez, CA....00
- The Sun Studio LA app is the perfect solution for booking a great tan in Los Angeles. Find Sun Studio LA locations near you and earn loyalty...00
- This app keeps you connected with everything that is going on at The Zebra Room in Torrance on a daily basis. Stay updated on daily specials and...00
- The Boba Loca mobile app is your mobile resource for Boba Loca Juice & Coffee. The app gives you information on all of our locations,including...00
- The Tami Gosselin Real Estate App is your mobile resource for real estate in Northern California. The Gosselin Team is a group of Real Estate...00
- The Go Eco Express mobile app is your mobile resource for Go Eco Express Car Wash in the South Bay area. Go Eco Express Car Wash is an...00
- Results 1 - 10 of 13
Say I have an Android application that connects to a .Net API for receiving/setting data. The confusion that I have is regarding how to sign-up/login the user first time and authenticate it every time they make a request to the API.
- If I just use username/password based authentication they won't be safeenough?
- And I can't save that username/password in the devicefor of course security reasons?
- Should I issue a GUID for every user at the sign-up, save it in their device and retrieve every time during an API request?
What other patterns are available and which are most efficient and secure, I just need a process flow for it.Can someone tell me what method famous android applications like Facebook, FourSquare, or Twitter use to authenticate every request coming from their mobile application to their server?
Sorry in advance if that's not some public information.
Kobi110k3434 gold badges227227 silver badges265265 bronze badges
MavenMaven5,2233030 gold badges8585 silver badges138138 bronze badges
6 Answers
I imagine they use a 'token' based security system, so the password is actually never stored anywhere, just used the first time to authenticate. So the app initially posts the username/password (over ssl) and the server returns a token that the app stores. For subsequent sync attempts the token is sent first, the server checks it is valid, and then allows other data to be posted.
The token should have an expiry so the server can re-request an authentication attempt.
If you hook into the sync adaptor from within the Android Framework that will give you the ability to sync and authenticate all under the hood.
If you check the accounts under Settings on your device you'll see what I mean.
simonsimon
Basically these famous use OAuth protocol (1)/ framework (2). Even though it has to be a standard, each of these had different implementations of this protocol/framework. So we have to be very careful when it comes to integration.
Example: Dropbox still uses OAuth 1 and recently came up with OAuth 2 support.
Back to Answer, As, peterpan stated, its is a token based way of authentication is one time thing and out of the equation.These tokens are expired or that power is given to the developer in some cases.
The interesting thing behind this is that, resource access scope can be defined rather than allowing the client application to keep the user names, passwords which is dangerous.
![Radius Mobile Apk Radius Mobile Apk](/uploads/1/2/5/8/125827035/142293263.jpg)
This is the basic illustration of how this works.
I will update the answer after I get more details on this, since I am working in this area these days :)
diyoda_diyoda_3,80044 gold badges4040 silver badges8383 bronze badges
I was searching for exactly the same thing and found google way, something like peterpan said, but through Google APIs. Try this link and Google your way through it, I am starting also! I'll post new info while I`m at it!
Vitor MendesVitor Mendes
I am newbie but I will try to give logical solution for the given question.
There will be two options,[1] For every URI, http authentication will be perform where user's entered credentials will be verified and user shall access resources.
[2] Another approach could be, a user shall authenticated and on every authentication a unique token will be generated. Using generated token, user shall access resources.
Though I'm not sure which approach could be best suitable for mobile application.
imbondimbond1,30011 gold badge1111 silver badges1717 bronze badges
Authentication example is a good place to start. Android stores credentials in the Account Manager, you can view accounts in Android's settings. This will automatically store tokens, prompt the user for credentials if expired or missing, refresh tokens etc. I find the http part of this example lacking or old. Extending android's AccountAuthenticatorActivity is a great helper to parse serialized data to the layout and back to the internet.
PomagranitePomagranite
Username and passwords can be safe when placed in SharedPreferences.Using https in connecting to a server should be good enough as well.
MartinMartin3,51033 gold badges2222 silver badges2929 bronze badges