Android web server authentication with JsonRPC

Question

I've been doing some research and it seems my best option to go with an Android-Client/PHP-Server application is by using JsonRPC. My question is, How would an authentication mechanism work? I'd use Zend for json server and Android-json-rpc as client. Or is there a better way to do a remote authentication?

Answer 1

just like browser works . Browser also sends session id in every request using cookies . You can build the similar functionality with your java REST client by appending that id to every request .Then in php code you can do

session_id($_GET('session_id'));
session_start();

your rest client will send this session_id in every request to be identified. This way you can use php sessions just like with browsers.

Answer 2

If you want to do a simple API key then in every JSON call, the client would pass the auth key and in each method on the php side would get the key and authenticate it.

If you wanted to do session type authentication, you would have to first call an authenticate method that would return the session_id to the client. The client would then send the session key in every subsequent method. Within the methods, the server could then check the session key.

I have looked for a way to cleanly abstract authentication out of the actual json RPC methods, but if you use Zend_Json_Server directly, there is no way to do it. You may be able to extend it, but to me, it wasn't worth the hassle.