Spring Security, Rest api and Facebook login from mobile device
Question
I'm developing a web application that has a REST api. At the moment the Api are protected in the server side trough spring security with a form-login authentication. Recently I also added spring social to allow access with facebook and twitter and all this works. So a user has to be registered to access some endpoint.
Now I have to build a mobile application that has to access the REST api and I was wondering what strategy I should use.
I saw that facebook has a android/ios sdk to allow the authentication on mobile side. So once theuser is authenticaded on the mobile I should do the request to my server so how should I authenticate the user on the server side to access the resources?
If you think that is not a good solution can you give me an advice how I should solve this problem?
1 answers
solution1
0 2013-04-09 13:27:16
Two options:
- Your mobile app can login to your API the same way your other client code does, via form-login or spring social. Simply send the same session ID cookie with your API calls after login.
- You can allow your app to accept a username and password as HTTP headers via HTTP-Basic , to save yourself the initial login step. This might be more useful if you don't need to make a lot of API calls per session.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.