Create a simple authentication used by a smartphone app with a cakephp webservice

Everybody is using smartphones to get their information on the go. There are several ways to provide the necessary information, e.g.:

  • your usual web page
  • your usual web page with a special mobile layout
  • a native smartphone app retrieving its information via a provided web service.

In this post I take a closer look at the last point in a very simple way, which gives you an idea of how things can work and something you can play around with.

For this simple approach the smartphone app needs to be able to store data on the device.

This is how the entire process works in my case:
The already registered user logs in via his smartphone app, which sends the username and password via a POST request to a URL.

All the authentication happens on the website, so no encryption is done on the mobile device, which means there is no extra work to be done in the app when something on the web service needs to be changed.

The website checks the username and password; if they are correct, it generates a token and saves it. The response is either false or an array with the token and the encrypted password (I used the already encrypted password from the database), which need to be saved in the app.
From now on, the web service expects those values on every request and uses them to authenticate this device and therefore the user.

As long as this token is sent, the app will be authenticated. On every login the token is renewed for this user, which means that a login from another device deletes the current token and writes a new, different one. As a result, only one device can be logged in at a time.

I started with a controller, that provides all necessary methods and will respond to a GET request with a JSON response.

I used the great and new CakeResponse (as shown in a previous post), which is the easiest way to answer the request without any special views or echoed responses from the controller.

Here is some example code which is used to get a forum thread by its database id. All other requests are pretty much as straightforward as this one and keep all logic on the web service's side.

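// Controller action: returns a single forum thread as JSON.
public function thread($id = null) {
    $data = array();
    // Look up the thread by its database id via the Forum model.
    $data['Thread'] = $this->Forum->getThreadById($id);
    // Answer with the JSON body directly; no view is rendered.
    return new CakeResponse(array('body' => json_encode($data, JSON_NUMERIC_CHECK)));
}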

Up to this point everything is pretty much basic stuff, and I also assume you already have a Users table in your database with a username and an encrypted password.

I added the columns “token” (varchar), “mobile_login” (datetime) and “android_registration_id” (varchar) to the Users table. This is where we store the hash that authenticates the smartphone app at the web service.

You could use the “mobile_login” date to check back on a regular basis and renew the token, if you see the need to do so.
The “android_registration_id” is used to save the Google account id, which is used to send push messages from the website to the user's phone, e.g. to send a notification when the user receives a message or something similar.
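The login and per-request flow described above, as an added example in plain PHP that is not the author's code: an in-memory array stands in for the Users table, and the function names, the `password_hash` storage and the 30-day maximum age are assumptions of this example. It stores only a SHA-256 hash of the token and authenticates requests on username plus token, so the password hash stays on the server.

```php
<?php
// Constructed sample data: an in-memory array stands in for the Users table.
$users = ['alice' => [
    'password'     => password_hash('correct horse', PASSWORD_DEFAULT),
    'token'        => null, // "token" column (this example stores a SHA-256 of it)
    'mobile_login' => null, // "mobile_login" column, time of the last app login
]];

// Login (hypothetical helper): check the credentials, then overwrite the stored
// token, so a login from another device invalidates the previous one.
function mobileLogin(array &$users, string $username, string $password)
{
    if (!isset($users[$username])
        || !password_verify($password, $users[$username]['password'])) {
        return false; // same answer for unknown user and wrong password
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $users[$username]['token'] = hash('sha256', $token);
    $users[$username]['mobile_login'] = time();
    return ['token' => $token]; // the app stores this and sends it on every request
}

// Per-request check (hypothetical helper): constant-time comparison plus a
// maximum token age derived from mobile_login (30 days is an assumed value).
function authenticateRequest(array $users, string $username, string $token, int $maxAge = 2592000): bool
{
    $row = $users[$username] ?? null;
    if ($row === null || $row['token'] === null) {
        return false; // unknown user, or no app login yet
    }
    if (time() - $row['mobile_login'] > $maxAge) {
        return false; // token too old, the app has to log in again
    }
    return hash_equals($row['token'], hash('sha256', $token));
}

$phone  = mobileLogin($users, 'alice', 'correct horse'); // first device logs in
var_dump(authenticateRequest($users, 'alice', $phone['token']));
$tablet = mobileLogin($users, 'alice', 'correct horse'); // second device logs in
var_dump(authenticateRequest($users, 'alice', $phone['token']));  // phone's old token
var_dump(authenticateRequest($users, 'alice', $tablet['token'])); // tablet's new token
var_dump(mobileLogin($users, 'alice', 'wrong password'));         // failed login
```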

This only scratches the surface of the subject. I think there will be more detailed posts about it in the near future, and I will be happy to get your suggestions on how to improve or extend this approach.

3 thoughts on “Create a simple authentication used by a smartphone app with a cakephp webservice”

    1. alexdd55 Post author

      Good point. I will put up a post with some code snippets later today. Thanks for bringing that up 🙂

      UPDATE:
      Check out this post. I hope I answered some of your questions.
      Feel free to ask 🙂

  1. Pingback: Simple webservice authentication using cakephp. A closer look.
