Can the lava golem be damaged without using a serious bomb?

The way I handled this was based on Pat Patterson's blog post "Oauth for Portal Users":

https://developer.salesforce.com/blogs/developer-relations/2013/02/oauth-for-portal-users.html

To set this up with the mobile SDK I did the following:

1. Created a partner portal and assigned the partner portal gold profile to it
2. Created a force.com site and set up the login against the partner portal created in step 1.
3. Created a partner portal user and logged in as them to set the password up
4. Created a Visualforce page and gave access to the partner portal gold profile
5. Created a new mobile SDK 2.1 iOS application using the forceios command - I set this up as a remote hybrid application but local hybrid works fine too. For the remote page, I specified the name of my Visualforce page created in step 4 (which was /apex/Partners).
6. Change references to login.salesforce.com to the address of the site (e.g. bb-developer-edition.eu2.force.com) - I'm not sure whether all of these needed to change, but for the purposes of my app it didn't matter if I went too far as it was only for partner portal users. If you miss any of these, make sure to remove the application from the iOS simulator/device, as it seems to cache this information.

Then I fired up the iOS application, which took me to the default login page for the site - its not styled for mobile so looks ugly but is functional. Once I'd entered the user id and password for the partner portal user I was asked to confirm access for the application, which I did. I was then taken to the Visualforce page I'd set up earlier.