Registering and authenticating via iPhone/Android app

[Roarster]

Apologies if this has been asked before but I'm struggling to find any real best practices.

I'm developing a site using Django using the built in user authentication module.  This is all working fine and users can register, login, etc. on the web site with no problems.  The plan is to also have companion iPhone/Android apps where users can register/login and then access their data on the main site.  This is where I'm a bit unsure of how to proceed.  I've been looking into using TastyPie to create a REST API which I think will work fine for accessing/updating data but I'm not sure if this is appropriate for creating new users and authenticating existing users.

The other alternative would be (I think) to create a login form in the app which posts to my web site log in form and will return the usual session cookie.  The registration form could do something similar again directly posting to the view rather than accessing the API.

Does anyone have any opinions as to which of these options are best?  I kind of feel using an API would be consistent with how the rest of the app will work but the lack of any examples of this on the internet leaves me wondering if this is a bad idea.

[bruno desthuilliers]

On May 23, 1:12 pm, Roarster <ianstrachan2...@googlemail.com> wrote:
> I'm developing a site using Django using the built in user authentication
> module.  This is all working fine and users can register, login, etc. on
> the web site with no problems.  The plan is to also have companion
> iPhone/Android apps where users can register/login and then access their
> data on the main site.  This is where I'm a bit unsure of how to proceed.
>  I've been looking into using TastyPie to create a REST API which I think
> will work fine for accessing/updating data but I'm not sure if this is
> appropriate for creating new users and authenticating existing users.

I'm definitly not an expert when it comes to mobile apps, but there
are quite a few known REST (or XMLRPC or else) APIs around that
include at least user authentication - think google (including
youtube, blogger etc), dailymotion, most blogging platforms, etc.

As far as I'm concerned, I'd definitly use the API for authentication
too (possibly using OAuth). wrt/ registration, well, I have not
checked if any of the above APIs support this, but from your Django
app's POV, it's still all about HTTP requests / responses anyway so
well...

My 2 cents, really..

[Roarster]

Thanks Bruno.  I've had a bit more of a look into this and everyone seems to be using OAuth, as you mention.  I did try to get this working with the Tastypie API but I couldn't really find any documentation and found it a bit of a struggle.  I guess I'll have to look into this further.

I've also looked into the public APIs you mention and none of them seem to allow registration (at least not on the public API).  I guess since my API will be private (at least initially) I can do what I want, I was just hoping to find out what some other well used apps (e.g. Instagram) might use for communication.  Do you think it's possible they just have another REST API they don't disclose?

[Mario Gudelj]

I read somewhere that Instagram use django-piston. But them some people are saying that Piston has had any development done in over a year. 

-m

--
You received this message because you are subscribed to the Google Groups "Django users" group.

To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/68UDvibDrpAJ.

To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

[bruno desthuilliers]

On May 23, 3:12 pm, Roarster <ianstrachan2...@googlemail.com> wrote:
> Thanks Bruno.  I've had a bit more of a look into this and everyone seems
> to be using OAuth, as you mention.  I did try to get this working with the
> Tastypie API but I couldn't really find any documentation and found it a
> bit of a struggle.  I guess I'll have to look into this further.

Yes, OAuth is not exactly the most straightforward protocol - but it's
becoming the de facto standard for such issues.

> I've also looked into the public APIs you mention and none of them seem to
> allow registration (at least not on the public API).  I guess since my API
> will be private (at least initially) I can do what I want, I was just
> hoping to find out what some other well used apps (e.g. Instagram) might
> use for communication.  Do you think it's possible they just have another
> REST API they don't disclose?

How would I know ?-)

[Roarster]

On Thursday, 24 May 2012 04:11:48 UTC+1, somecallitblues wrote:

I read somewhere that Instagram use django-piston. But them some people are saying that Piston has had any development done in over a year. 

-m

Yeah, as far as I can tell Piston development seems to be pretty much dead and Tastypie and django-rest-framework are the choices now for an API.  I think I'm going to try and use Tastypie since that seems to at least have some OAuth support at the moment.  I think I'll also try and register and authenticate an existing user directly through the API.  I'm still struggling to find any examples of anyone doing that via a Django API but to me it seems right to use a consistent approach (i.e. all communication from client to server through the API).

Thanks.