
What method of authentication should I use with the Sorcery gem using a mobile application?

I'm trying to determine if there is a specific method of authentication one should use besides the traditional basic HTTP auth that is offered with the Sorcery gem given the fact I would want to authenticate users on a variety of mobile platforms (Android, iOS, WP7 etc.)?

Thanks in advance.

EDIT: What I have decided to do for the time being is as follows:

  1. Log in the user with Sorcery's :http_basic_auth to the web service
  2. If the login was successful, generate a time-based token and an expiration time for the token
  3. Pass the token back to the client
  4. Client (Android, iOS, WP7 etc.) passes the token to the service with each request.
  5. Web service then uses the auto_login Sorcery method to authenticate the user and then passes the resource back to the client

Also, for extra security and due to the fact it's an ecommerce site, it will be running over SSL. I will eventually plan to implement some kind of OTP/OAuth method but will do that after testing. I hope this helps anyone else looking for simple Rails mobile authentication. Thanks for the help.

joshcollie asked Oct 24 '22 04:10


1 Answer

Even if you don't use one of Sorcery's modules, know that you can always implement your own auth strategy and log your user in with the auto_login(user) method. So you're free to implement token-based auth, which I think would be the basic way for an API to communicate with your application.

Nicolas Blanco answered Nov 08 '22 07:11
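
The token flow from the question's steps 2 to 5, as an added example that is not code from either poster or from the Sorcery project. It uses a random token with a stored expiry rather than a token derived from the time, and `ApiTokenStore`, `TTL` and the in-memory hash (standing in for a database table) are hypothetical names chosen for illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical token store; @rows stands in for a database table.
class ApiTokenStore
  TTL = 15 * 60 # lifetime in seconds (constructed value, tune to your risk)

  # The clock is injectable so expiry can be exercised without sleeping.
  def initialize(clock: -> { Time.now })
    @clock = clock
    @rows = {} # token digest => { user_id:, expires_at: }
  end

  # Steps 2-3: after a successful login, mint a random token and hand it to
  # the client once. Only its SHA-256 digest is kept server-side, so a leaked
  # table does not yield tokens that can be replayed.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @rows[digest(token)] = { user_id: user_id, expires_at: @clock.call + TTL }
    token
  end

  # Steps 4-5: resolve the token sent with a request to a user id, or nil.
  # In a Rails controller the caller would load that user and pass it to
  # auto_login(user), the Sorcery method mentioned in the answer above.
  def authenticate(token)
    return nil unless token.is_a?(String) && !token.empty?
    key = digest(token)
    row = @rows[key]
    return nil if row.nil?
    if @clock.call >= row[:expires_at]
      @rows.delete(key) # expired tokens are purged on first use
      return nil
    end
    row[:user_id]
  end

  # Logout or suspected compromise: invalidate the token before it expires.
  def revoke(token)
    !@rows.delete(digest(token.to_s)).nil?
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```
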