Everybody is using smartphones to get their information on the go. There are several ways to provide that information, e.g.:
- your usual web page
- your usual web page with a special mobile layout
- a native smartphone app retrieving its information via a provided web service.
In this post I take a closer look at the last point in a very simple way, which gives you an idea of how things can work and something you can play around with.
For this simple approach the smartphone app needs to be able to store data on the device.
This is how the entire process works in my case:
The already registered user logs in via his smartphone app, which sends the username and password via POST request to a URL.
All the authentication happens on the website, so no encryption is done on the mobile device, which means there is no extra work to be done when something on the web service needs to be changed.
If username and password are correct, the website generates a token and saves it. It then sends a response with either false or an array containing the token and the encrypted password (I used the already encrypted password from the database) that needs to be saved in the app.
From now on, the web service expects those values on every request and uses them to authenticate this device and therefore the user.
As long as this token is sent, the app will be authenticated. On every login the token is renewed for this user, which means that a login from another device deletes the current token and writes a new, different one. As a result, only one device can be logged in at the same time.
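The login, per-request check and token renewal described above, sketched as an added example (not code from the original post). It returns only the token to the app and keeps the password hash on the server, because a stored hash that the service accepts on every request works like a second password. The names `TokenService`, `hash_password` and `demo`, the in-memory storage, the PBKDF2 hashing and the sample account are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # constructed work factor for the example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class TokenService:
    """In-memory stand-in for the website's user table (hypothetical names)."""

    def __init__(self):
        self.users = {}   # username -> (salt, password_hash)
        self.tokens = {}  # username -> SHA-256 of the one currently valid token

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username: str, password: str):
        """Return False on bad credentials, else a dict holding a fresh token."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        # Hash even for unknown users so both failure paths cost the same.
        candidate = hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return False
        token = secrets.token_urlsafe(32)
        # Overwriting the entry is what logs out any previously used device.
        self.tokens[username] = hashlib.sha256(token.encode()).digest()
        return {"token": token}

    def authenticate(self, username: str, token: str) -> bool:
        """Check the token the app sends along with every request."""
        expected = self.tokens.get(username, b"")
        presented = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(presented, expected)


def demo():
    svc = TokenService()
    svc.register("alice", "correct horse")  # constructed sample account
    phone = svc.login("alice", "correct horse")
    tablet = svc.login("alice", "correct horse")  # second device logs in
    return (svc.login("alice", "wrong"),
            svc.authenticate("alice", phone["token"]),
            svc.authenticate("alice", tablet["token"]))
```

The server stores only a SHA-256 digest of each token, so a leaked token table cannot be replayed directly against the service.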