Nevermind I added this method, which checks for username and password validity and writes the result in the header:
def auth
authenticate_or_request_with_http_basic do |username, password|
if user = User.find_by_login(username)
response.headers['Auth'] = 'Password incorrect'
if user.valid_password?(password)
response.headers['Auth'] = 'Credentials correct'
end
else
response.headers['Auth'] = 'Username incorrect'
false
end
end
end
In my mobile application I just send a request to username:password@mysite.com and read the http header. Not sure if this is an elegant method or if it is inteded, but it works for now.