Authenticating an android App to a Rails 4 API

Question

I'd like to build an API for other partner Android Application but at the time this api would be a web app, so the user can login via the android app and web app. I've manage sessions using the rails session[] hash, but when i tried to access from a node js application that I'm using for test it doesn't keep the session, i guess it's for the cookies.

I was reading about devise, but i don't really understand it... I need some way to login, and retrieve data from the android device without sending the user id and the password each time a pull a request.

What would be the best way? Should I go with devise?...

Thanks in advance.

Answer 1

You might be able to secure your APIs for the mobile client by securing the Rails APIs with OAuth. Then the Android client can authenticate via OAuth to your Rails app.

Check out the following gem:

• doorkeeper - A rails engine that turns your app in to an OAuth 2 provider so that you can secure your rails APIs with OAuth.

Also, check out this great blog post about how to use Doorkeeper along with devise, etc: http://sameer.siruguri.net/blog/2013/06/23/railscast-gotcha-using-devise-doorkeeper-and-oauth2-defaults/