I'm wondering if there's anyone who can explain to me how I have to construct my Authentication API controller.
- I have a native IOS application
- I have a grails backend service
For the moment I'm using fixed user credentials(for development) in my IOS application (I know these credentials exists). Now I want to make this flexible by providing a login controller.
In my backend, I'm using spring security with basic authentication. So when I make a connection to my backend, I provide a username and password in the http header.
My real question here is what I should provide in a Authentication API controller. I want to use this controller to check if the user exists, and the password is correct.
Anyone who has experience with this?
Can't I just use an empty authentication controller with the spring-security method @Secured(['IS_AUTHENTICATED_FULLY'])
If I'm correct it'll send back the proper http status codes isn't it?