php - Phonegap Authentication without username/password -


i have phonegap app , want my app users access api getting data.

i using php end.

what did created key , authenticating key on server. key hard-coded in app meaning can @ code , figure out key , pass parameter , gain access api don't want.

furthermore key seen using proxy.

is there way dynamically generate key on both app , server gets authenticated? or other way.

i don't want user give kind of username/password.

i don't want user register or login..the user has no role in authentication..i authenticating app.

yes sure can done,

but several things before should start.

  • create new table store api keys going generate per user when registering through app.

php side:

  • grab users password or unique thing eg: udid andriod, in ios have restricted access udid , might have store unique generated id in keychain.
  • then when have password , udid can put them (or anyway want) , encrypt sha1 (or encryption algorithm) , save api key table
  • every time when request hit on api can grab api key header , validate database , see.

app side:

  • when user login through app if successful, pass api key user , save inside app further use.
  • also when going request data api can retrieve api key stored inside app, put header in request , send.

few things:

  • also can create private key on both sides (server , app) store in api key table , encrypt request server , app knows using private keys stored on both sides.
  • also can go advance authentications oauth

Comments

Popular posts from this blog

resizing Telegram inline keyboard -

command line - How can a Python program background itself? -

php - "cURL error 28: Resolving timed out" on Wordpress on Azure App Service on Linux -