Ervadac

Reputation: 956

Account registration on mobile application

I'm working on a hybrid mobile application for both Android / iOS, which mainly sends requests to a RESTful server using an access token for authentication / authorization.

However, I'm not sure how to implement the account creation part. Would it be OK to allow a POST request with an email address / password to register a user? Something like POST /signup (of course using HTTPS, email verification, etc.).

Or is there a better alternative?

Upvotes: 0

Views: 95

Answers (1)

mahemoff

Reputation: 46429

This is essentially how classic signup works on most mobile apps. POST email/password to a signup URL and receive an access token in the response.

If you want to get fancy, you can incorporate a secret app token so the request can be signed, and the server can theoretically guarantee the request came from your own app and no one else's. The problem, though, is that a "secret" in the client is not really a secret: anyone has access to the compiled code and the requests being made. (Twitter, for example, has encountered this problem.)

There's also single sign-on via Twitter, Google, Facebook, etc., in which case you can just upload the access token after the user authenticates on the device. Some apps also request a phone number instead of email, and then verify by SMS (which is automatic if the app can read SMS), e.g. WhatsApp.

Upvotes: 1
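A server-side sketch of the flow this answer describes, added here as an example and not part of the original answer: `POST /signup` stores a salted password hash, returns an access token, and treats the app signature only as a soft signal because the key ships in the client. The function names, the HMAC signature scheme, the in-memory stores and the PBKDF2 parameters are assumptions; email verification is left out.

```python
import hashlib
import hmac
import re
import secrets

APP_KEY = b"constructed-demo-key"  # ships inside the app, so assume it is public
USERS = {}   # email -> (salt, password hash); stand-in for a database table
TOKENS = {}  # sha256(access token) -> email; raw tokens are never stored


def sign(body: bytes) -> str:
    """Signature the app would attach to a request (hypothetical scheme)."""
    return hmac.new(APP_KEY, body, hashlib.sha256).hexdigest()


def signup(email: str, password: str, body: bytes, signature: str) -> dict:
    """Handle POST /signup (over HTTPS) and return the JSON response as a dict."""
    # Anyone who unpacks the app can compute sign(), so a match is only a
    # soft signal for rate limiting or logging, never an access decision.
    from_app = hmac.compare_digest(sign(body).encode(), signature.encode())
    email = email.strip().lower()
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        return {"status": 400, "error": "invalid email"}
    if len(password) < 8:
        return {"status": 400, "error": "password too short"}
    if email in USERS:
        return {"status": 409, "error": "account exists"}
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    USERS[email] = (salt, digest)  # store the salted hash, not the password
    token = secrets.token_urlsafe(32)
    TOKENS[hashlib.sha256(token.encode()).hexdigest()] = email
    return {"status": 201, "access_token": token, "from_app": from_app}


def whoami(token: str):
    """Resolve an access token sent on later requests; None if unknown."""
    return TOKENS.get(hashlib.sha256(token.encode()).hexdigest())


if __name__ == "__main__":
    body = b'{"email": "user@example.com"}'  # constructed sample request body
    first = signup("user@example.com", "correct horse battery", body, sign(body))
    print(first["status"], first["from_app"], whoami(first["access_token"]))
    unsigned = signup("other@example.com", "correct horse battery", body, "")
    print(unsigned["status"], unsigned["from_app"])
```

The unsigned request still succeeds with `from_app` set to false, which reflects the answer's point that the signature cannot be relied on to prove the caller is the real app.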
