How to implement API authentication for Rails app with Authlogic

Question

I have a Rails app with an iOS mobile client.

So far, I've had the iPhone client send HTTP requests to the normal URLs. I want to replace this with a proper API. I'm on Rails 3, and I'm using Authlogic for authentication.

I have watched the railscasts on versioned apis and securing APIs. But since I'm already using authlogic for authentication, I think reimplementing token creation would be unnecessary?

I created the API just as Ryan Bates suggests in this episode with a controller under app/controllers/api/v1/. I have corresponding views with RABL in views/api/v1.

My controller is

module Api
  module V1
    class RecordsController < ApplicationController
      respond_to :json

      def index
        status = RecordStatus.where("name = ?", "processed").first
        @records = current_user.records.where("record_status_id = ?", status.id)
      end

      def show
        @record = Record.find(params[:id])
      end
    end
  end
end

Basically, I've read a lot on the different options to implement (including a bunch of answers on SO) and I'm just really stumped as to what's the best way for me to implement authentication, securely. Should I go to oauth? Can I do it with authlogic? Which option would make it easy to use from the iOS side? Which option is easiest to implement?

Any guidance would be helpful.

Answer 1

Perhaps you could use the single access token stuff that's in authlogic already?

http://rubydoc.info/gems/authlogic/Authlogic/Session/Params