Reputation: 292
Is this a good OAuth2 flow in a mobile app?
Client Credentials when a user accesses public data from my server with my mobile app:
Step 1: The client sends client_id & client_secret (I include a client_id & client_secret in the app code/package) to the server, APP Id & App Device ID.
Step 2: The server responds with an access token with a long expiry time.
Step 3: If the access token has expired, the client requests an access token again as in Step 1.
Step 4: If the client requests data, the server will check the access token, APP Id & App Device ID.
Upvotes: 0
Views: 407
Reputation: 2117
If you plan to use OAuth in your iOS app, I recommend Hermod, an HTTP client built on top of AFNetworking (the most popular HTTP client in iOS).
Hermod has a very nice public interface and supports OAuth 2.0 sessions and token management out of the box.
Upvotes: 4
Reputation: 10201
There may be some confusion around the usage of the word "client".
In OAuth 2.0 terminology, a client is a piece of software accessing an API. It does not say whether that piece of software is running on a mobile device, or a server.
The OAuth Client Credentials Grant is meant to be used only from a server. Never embed a client secret in an app package that you distribute. The grant type you want is probably the Authorization Code Grant.
I suggest you read the OAuth 2.0 Authorization Framework specification.
That being said, if the data accessed by the application is public, why do you require authorization?
Upvotes: 1
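The Authorization Code Grant named in the last answer, sketched for a mobile app acting as a public client with no client_secret in the package; this is an added example, not code from the thread or from any library mentioned in it. It adds PKCE (RFC 7636), which the thread does not mention, and the endpoint, client_id and redirect URI are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders (assumptions), not values from the thread.
AUTHORIZE_URL = "https://auth.example.com/authorize"
CLIENT_ID = "example-mobile-app"  # public identifier, not a secret
REDIRECT_URI = "com.example.app:/oauth2redirect"


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_authorization():
    """Return (url, state, verifier); state and verifier stay on the device."""
    state = secrets.token_urlsafe(16)
    verifier = secrets.token_urlsafe(32)  # 43 characters, the RFC 7636 minimum
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", state, verifier


def token_request(redirect_url: str, expected_state: str, verifier: str) -> dict:
    """Validate the redirect and build the token request body (no client_secret)."""
    params = parse_qs(urlparse(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect is not for this request")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": verifier,  # proves this app instance started the flow
    }
```

The dictionary returned by `token_request` is what the app would POST, form-encoded, to the authorization server's token endpoint.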