I think I've almost got my head around the principles of providing authentication via authlogic and the single access token, for an iPhone app. I've got the single access token all set up and enabled, and get and post requests working sweetly by passing the user credentials in the URL. However the iPhone dev needs to fetch the SAT to then begin passing it for all subsequent requests.

Is it simply a matter of setting the user session create action to respond to/with json? and perhaps trimming down the json response so that only the token is returned?

i can't seem to find a specific answer to this.

OK, so I think I worked it out. Why would I want the session model to be involved, because that would defeat the purpose of the SAT, right?

So I prepared a custom action (suitably routed), thus:



def auth
@user = User.find_by_username(params[:username])
respond_to do |format|
if @user.valid_password?(params[:password])
format.json { render :json => { :token => @user.single_access_token } }
else
format.json { render :json => { :message => 'incorrect username or password' } }
end
end
end