php - Phonegap Authentication without username/password -
i have phonegap app , want my app users access api getting data.
i using php end.
what did created key , authenticating key on server. key hard-coded in app meaning can @ code , figure out key , pass parameter , gain access api don't want.
furthermore key seen using proxy.
is there way dynamically generate key on both app , server gets authenticated? or other way.
i don't want user give kind of username/password.
i don't want user register or login..the user has no role in authentication..i authenticating app.
yes sure can done,
but several things before should start.
- create new table store api keys going generate per user when registering through app.
php side:
- grab users password or unique thing eg: udid andriod, in ios have restricted access udid , might have store unique generated id in keychain.
- then when have password , udid can put them (or anyway want) , encrypt sha1 (or encryption algorithm) , save api key table
- every time when request hit on api can grab api key header , validate database , see.
app side:
- when user login through app if successful, pass api key user , save inside app further use.
- also when going request data api can retrieve api key stored inside app, put header in request , send.
few things:
- also can create private key on both sides (server , app) store in api key table , encrypt request server , app knows using private keys stored on both sides.
- also can go advance authentications oauth
Comments
Post a Comment