CODEWITHSUNDEEP
oauth-2.0
checklist
checklist

Reputation: 12930

OAuth 2.0 definition of clients

I am developing a REST based API for our system. We are going to have several types of clients:

I wanted to ask what strategy should we use in defining clients. E.g.

Thanks,

Assaf

Upvotes: 6

Views: 1018

Answers (2)

Håvard Geithus
Håvard Geithus

Reputation: 5614

Visit the Google API console, create a project. Then visit the API Access menu to create a client id. You will see what data is required for different client types, including Web applications, Android and iPhone applications. It might help in figuring out your own requirements.

Here is a screenshot:

enter image description here

Upvotes: 2

user933709
user933709

Reputation: 53

Its a good question. I have been looking into this for my own reasons. Here is what I think I will be doing:

a) Each user is not defined as a client in terms of OAuth. A client in terms of OAuth is a definition of a mechanism for providing authorization. b) I would define my clients based on the type of OAuth flows you need to support for them

so for example You could use the same client type for all of your clients. According to the OAuth 2 spec (http://tools.ietf.org/html/draft-ietf-oauth-v2-25) mobile clients and web clients are deemed to to be 'public clients', so perhaps you could decide you will only support implicit grant types for all your clients, and these could be represented as 1 client type in OAuth

c) you may decide that its benefitial to differentiate between different categories of users for example you may want different token timeout periods for different clients, so you should define a different client type for these.

In summary I think you should define your OAuth client types based on the the grant types you need to support and the different configurations you need to support

Upvotes: 0

Related Questions