I have a question regarding the best practices for the login / authentication architecture of an iOS app.
Situation: The app is built to implement an iOS client for a photo gallery (using a RESTful API). Users can see their own gallery, add photos and things like that. The app heavily relies on having a valid login for the API (atm it's simply HTTP authentication, to simplify things for the moment). The API calls are made using AFNetworking. This already works fine. Now, I have to implement the authentication.
My questions are as follows:
Do you simply log in once using a login view and store the credentials somewhere (user defaults for example)?
Do you simply use those credentials again once the application loads to see if they're still valid, and if not, present the login view again to repeat the login + store in user defaults process?
What would you guys consider a good solution? Would be nice to know how others handle this. Since I have control over the API as well as the app, I'm able to modify the authentication mech. on both sides. However, the API will not be public and is solely used to connect the website (where users can log in, too) and the app. I had a strong feeling that OAuth2 would be overkill and probably not the best choice.
I'm really not sure how to connect my own web apps to mobile apps. Any advice, pointers to articles or even recommended books which cover this topic are really appreciated. Looking forward to your feedback!