Omri Btian

Reputation: 6547

OAuth 2.0 With Web API and Xamarin

I'm rather new to Web development so bear with me.

  1. I've developed a backend server in C# (non-web app) that exposes some features via a REST API implemented in Web API (OWIN and Katana).
  2. I've developed a Xamarin Android app that consumes that API.

Now I want to enable the consumption of the API only for users who have authentication using Google.

I know OAuth is the way to do it and I've been reading a lot about it but I'm still kind of confused about the roles here and who should do what.

What should my server do or implement? What should my client do or implement?

Upvotes: 3

Views: 6907

Answers (1)

NovaJoe

Reputation: 4625

An important feature of OAuth2 to be aware of is the two different authentication flow types:

  • implicit auth flow
  • explicit auth flow

I've personally found the Instagram API documentation to explain this pretty well: https://instagram.com/developer/authentication/

Explicit auth flow is a little more tricky because it involves extra coordination on the part of your custom API. Implicit auth flow is a little easier, because your app will simply look for a URL fragment that comes back from the OAuth provider. That URL fragment contains a token that you can use for subsequent calls to the API that you want to talk to, Google in your case.

But in your case, it sounds like you want to use Google as the identity provider for your custom API, correct? In that case, I think you'll need to use explicit auth flow. Again, check out the Instagram docs. I find them to be particularly good at explaining OAuth2.

EDIT:

And be aware of the Xamarin.Auth component, which is designed for easing OAuth scenarios. You can find it in the Xamarin Component Store or on GitHub.

Upvotes: 3
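
The implicit-flow step described in the answer above, reading the token out of the URL fragment that comes back from the provider, as an added C# example that is not part of the original answer. The class and method names, the sample redirect URI and the `state` check (an OAuth 2.0 parameter from RFC 6749 that the answer does not mention) are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Added example; class and member names are hypothetical.
public static class ImplicitFlowRedirect
{
    // Splits "#access_token=...&state=..." into decoded key/value pairs.
    public static Dictionary<string, string> ParseFragment(Uri redirect)
    {
        var values = new Dictionary<string, string>(StringComparer.Ordinal);
        string fragment = redirect.Fragment.TrimStart('#');
        foreach (string pair in fragment.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            int eq = pair.IndexOf('=');
            string key = eq < 0 ? pair : pair.Substring(0, eq);
            string val = eq < 0 ? "" : pair.Substring(eq + 1);
            // Form encoding uses '+' for spaces; convert before percent-decoding.
            values[Uri.UnescapeDataString(key.Replace('+', ' '))] =
                Uri.UnescapeDataString(val.Replace('+', ' '));
        }
        return values;
    }

    // Returns the access token, or throws if the response is an error,
    // carries a state value other than the one sent, or has no token.
    public static string ExtractToken(Uri redirect, string expectedState)
    {
        var p = ParseFragment(redirect);
        if (p.TryGetValue("error", out string error))
            throw new InvalidOperationException("Provider returned error: " + error);
        if (!p.TryGetValue("state", out string state) ||
            !string.Equals(state, expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("State mismatch; discarding response.");
        if (!p.TryGetValue("access_token", out string token) || token.Length == 0)
            throw new InvalidOperationException("No access_token in fragment.");
        return token;
    }

    public static void Main()
    {
        // Constructed sample redirect; not a real token or endpoint.
        var sample = new Uri(
            "https://app.example/callback#access_token=SAMPLE_TOKEN&token_type=Bearer&state=abc123");
        Console.WriteLine(ExtractToken(sample, "abc123"));
    }
}
```

The expected `state` value is the one the app generated and sent with the authorization request; a response that does not echo it back is dropped before the token is used.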
