Hey Malcom, thanks for the answer. Glad, I was more or less on right way.
>> How would I authenticate against the Django site? > > Your choices are either to use username/passwords or OAuth. If you're using > username/passwords you can hook straight into the standard Django > authentication - just have your code do a POST to /admin/login with > username/password. That's not massively secure, so you might want to consider > doing it over SSL. Of course SSL for clear text passwords, but why would I want to use the “/admin/login”? I think only staff can login under this URL. And wouldn’t I get a CSRF error anyway doing a POST request out of nothing? > >> When I use URL connections from the mobile app do I always have to send the >> credentials or can the Django site identify me by storing session cookies on >> the client just like as if the mobile app would be a browser? >> > You can use session cookies just as on the desktop - the iPhone NSURLRequest > will handle cookies for you. This is true on most platforms, the only place > I've found where it doesn't work consistently is on Flash. Good to know! I have some questions about using OAUTH. As I understand OAUTH is good for when I want to give 3rd party access to the users data via my API without having the users give away their password to that 3rd party. I could consider my iPhone App a third party but I would still have to authorize against my Django Server to get the token. So if I don’t really want to open the API to a 3rd party there is no sense to use OAUTH? Using cookies and Django auth will be equivalent since with Django auth I would be sending a session-cookie where with OAUTH i would be sending the access_token in the URL so basically the same thing, isn’t it? If I want my users to use another OAUTH provider to identify on my Django site there are solutions like Janrain and Gigya which cost a lot of money. And there is among others django-socialauth which is open source. If see it right the service from Janrain and Gigya is to unify the whole process with all the providers ad thus saving time in writing all the code one self. But why do they charge so much? Cheers Ivo -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.