I'm probably just going to return a session id and have the server handle the username/password. But I'll still need to write some sort of algorithm to protect the password in the original request. I'm going to hold off working on the auth serverside until I get around to writing the client side verification in C.