I am developing an iOS app where I am having the user log in with a user id and password. The current flow of events is as below:
1) User enters user id and password.
2) Clicking the login button calls a PHP web service which authenticates the user and returns a 1 or a 0 based on login success or failure.
Now, I want to make an update to my PHP login web service so that it can return an authentication token to iOS after the first successful login. I would then like to store this token securely on my phone. Here are my questions:
1) Is there a standard algorithm for generating the authentication token? I am reading in some threads that the token should be an encryption of UDID+userid+timestamp but not seeing a concrete answer or example.
2) Once I receive the token on my phone, how do I securely store it in the keychain? I am planning to use SFHFKeychainUtils. Is there a way I can store my token using this? I googled a lot for storing authentication tokens on keychain/SFHFKeychainUtils but am not finding concrete answers. Do I just store it as a userid,token combination or is there a better way to accomplish this?
I would really appreciate your inputs.
Thanks,
Mike.
OAuth is the standard protocol for the authentication process. Check the oauth-consumer library. You can download it from this link.
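
One way to approach question 1, as an added example that is not from the original posts: the token is an opaque random value rather than an encryption of device or user data, and the server keeps only its SHA-256 hash with an expiry. The class name `TokenStore`, the in-memory array standing in for a database table, the 30-day lifetime and the sample user id are assumptions.

```php
<?php
// Added example (PHP 7.4+): opaque login tokens for the web service.
// $rows stands in for a database table keyed by the token's hash (assumption).

final class TokenStore
{
    /** @var array<string, array{user: string, expires: int}> */
    private array $rows = [];

    // Call only after the password check has succeeded.
    // Returns the token to send back to the app.
    public function issue(string $userId, int $ttlSeconds = 2592000): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
        $this->rows[hash('sha256', $token)] = [
            'user'    => $userId,
            'expires' => time() + $ttlSeconds,
        ];
        return $token; // the plaintext token is never stored server-side
    }

    // Returns the user id for a valid, unexpired token, otherwise null.
    public function verify(string $presented): ?string
    {
        $digest = hash('sha256', $presented);
        $row = $this->rows[$digest] ?? null;
        if ($row === null) {
            return null; // unknown or already revoked
        }
        if ($row['expires'] < time()) {
            unset($this->rows[$digest]); // expired: drop the record
            return null;
        }
        return $row['user'];
    }

    // Logout, or server-side invalidation of a lost device's token.
    public function revoke(string $presented): void
    {
        unset($this->rows[hash('sha256', $presented)]);
    }
}

$store = new TokenStore();
$token = $store->issue('mike');       // constructed sample user id
var_dump($store->verify($token));     // lookup while the token is valid
$store->revoke($token);
var_dump($store->verify($token));     // lookup after revocation
```

On the device, the returned string is the value that goes into the keychain entry, and it is sent with each later request over HTTPS in place of the password.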