What's the easiest way to secure communication between an iOS app and Rails?
I have an iOS app that authenticates to a Rails app. The first time it authenticates, it must provide a username and password, and in return the rails app returns a token that the iOS app can use to authenticate in further messages.
The information passed between them consists of the user's email address and other trivial information, but nothing very sensitive like financial data, etc. I need a way to protect these messages.
What's the easiest way to add this protection?
source to share
HTTPS is a straightforward way to secure communications across the wire. Reuse and token for subsequent communication can be done using oAuth. You might want to take the approach Facebook has taken with their iOS SDK. They host their login page in a UIWebView (HTTPS) and return an oAuth token for subsequent calls.
EDIT: Since SSL seems to be "out of the table" - why don't you just authenticate with Basic Authentication and re-validate each call instead of using the token.
source to share
Your SSL problems locally reminded me of this tutorial
When Ryan enforced SSL, he mentioned that it would not work in a development environment (local), only in production and testing. This issue is being discussed around the six-minute mark. It looks like when deploying the application using ssl it will work. This also applies to Omniauth and the use of external providers. It doesn't work locally, but when deployed it works.
source to share