2

We are in the process of planning an iOS application in which users will need to be authenticated and authorized before they can interact with data provided by a Symfony2 web service.

Authorization will be implemented with ACLs, it's the authentication I'm not sure about.

From what I found in my research, there are a few ways to achieve the authentication part, but since there won't be any third parties accessing the data it sounds like basic HTTP authentication paired with a SSL certificate is the way to go. Is this correct?

Additionally, is a simple username and password secure enough, or is it better to add some sort of API key for identification?

If a key is needed and considering our users will be part of a group, should a key be bound to every user individually or to the group as a whole?

Finally, and slightly off topic, Symfony2 has FOSRestBundle, is there a defacto REST library for iOS?

Improve this question

2 Answers 2

Reset to default
1

For securing REST applications in symfony the FOSOAuthServerBundle is very useful. With it you can implement easy OAuth authentication for your app. OAuth is de facto standard for securing REST web services.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

As https/ssl is pretty secure you can go for basic http authentication and/or the api key solution.

Wether to use a key and/or username/password is your personal choice. If somehow requests can be catched in cleartext either one is compromised.

Keys in addition to username/password auth can have the advantage of seperating i.e. user contingents.

Basic http authentication is mostly used, therefore the chance of your client having already available methods to integrate it from his side are high.

You should always give out unique keys or username/passwords to every user in order to be able to log who did exactly what.

I'm not that much into iOS, sorry.

Improve this answer

1 Comment

Thanks for your input nifr

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.