Authenticating users in iPhone app

Question

I\'m developing an HTTP api for our web application. Initially, the primary consumer of the API will be an iPhone app we\'re developing, but I\'m designing this with future

Answer 1

I agree with the oAuth comments - you can of course make oAuth work nicely on an iPhone - the UX is totally up to you. There are mechanisms (jQuery) to pull back the PIN from oAuth and use it (without the user re-typing the PIN into the app). That reduces the UX to

1) Display web page (in embedded control) 2) user enters user and password and presses button 3) oAuth response page is parsed automatically.

This twitter oAuth implmentation does that http://github.com/bengottlieb/Twitter-OAuth-iPhone using a pre-existing oAuth library.

However, back to your original question. That looks fine. The only item you don't mention, is that you need to provide a mechanism on the web app to allow the user to logout/deauthorize a device session (in case they have lost their device).