0
votes

I have a web app based on Symfony 3, which provides a REST API to load all "basic data".

I use Guard for authentication through my login form; all session data is stored through PDOSessionHandler in the database (the password is hashed with bcrypt).

Now I am creating a native app for iOS.

Most of the data is loaded through the REST API, but not the login data.

So how do I solve login in a native app (iOS)?

When the user enters username + password in the native login form...

Shall I hash the password with bcrypt and send it with the username to the web app to authenticate the user? If authentication was successful, send a success message back and store the credentials in NSUserDefaults so I can request them on every request to the web app?

1
Why do you want to use BCrypt? If you are sending the data using HTTPS, it won't be an issue. - javimaravillas
OK, but the rest is OK? Or shall I apply a completely different logic? Greetings :) - Creative crypter
Rest is absolutely OK if you do it over HTTPS for login. Other auth solutions such as OAuth in mobile also use REST. - javimaravillas
OK, and it is a good practice to save user credentials in NSUserDefaults if login was successful and to send these user credentials to the web server on every request if needed, yes? - Creative crypter
Or is there any more efficient method? - Creative crypter

1 Answer

0
votes

Take a look at JSON Web Token; I use it to authenticate users coming from an Android app in a Symfony2 API.

LexikJWTAuthenticationBundle provides easy-to-use JWT authentication.
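
The token-based login this answer points to, as an added example (not part of the original answer and not LexikJWTAuthenticationBundle's code): the app posts the plain password once over HTTPS, the server checks it against the bcrypt hash and returns a signed, expiring token that is sent on later requests. The hand-rolled HS256 routines, the `SECRET` constant, the function names and the sample user are assumptions made for illustration.

```php
<?php
// Added illustration: a minimal HS256 token, hand-rolled only to show the flow.
const SECRET = 'constructed-demo-secret'; // assumption: known to the server only

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueToken(string $user, int $ttl = 900): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['sub' => $user, 'exp' => time() + $ttl]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

// Login: the app sends the plain password over HTTPS; bcrypt is checked here.
function login(array $users, string $user, string $password): ?string {
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return null; // respond 401, issue nothing
    }
    return issueToken($user);
}

// Every later API request carries the token instead of the credentials.
function verifyToken(string $jwt): ?string {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    // The algorithm is fixed server-side; the header's "alg" is never trusted.
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) {
        return null; // forged or modified token
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) {
        return null; // expired: the app has to log in again
    }
    return $claims['sub'] ?? null;
}

// Constructed sample user and requests.
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT)];
$token = login($users, 'alice', 'correct horse');
[$h, , $s] = explode('.', $token);
$forged = "$h." . b64url(json_encode(['sub' => 'admin', 'exp' => time() + 900])) . ".$s";
var_dump(verifyToken($token), verifyToken($forged), login($users, 'alice', 'wrong'));
```

With this flow the device only has to keep the token, so the password is neither stored nor resent; the iOS Keychain is the usual place for such a secret.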