OAuth 1.0 or 2.0? Native mobile app authentication

There are many resources that describe the use of OAuth from the point of view of clients, i.e. the use of the Facebook / LinkedIn / Twitter APIs. Good. But I'm interested in the OAuth server implementation. The goal is to have a web application that can also be accessed from mobile devices (native applications), so I need to set up OAuth on my internal Java server. Therefore, I would like to know how LinkedIn / Facebook / Twitter implemented OAuth on their server side: how they distinguish users by their auth_tokens and grant the appropriate access (some database mapping, auth_token = user ID?).

Or maybe there is a better way to authenticate a mobile user (I'm going to use REST-style services for the back-end)?

+4
1 answer

Facebook, LinkedIn, and Twitter have implemented OAuth, following the OAuth 1 specification (Twitter, LinkedIn) and a draft of OAuth 2 (Facebook, LinkedIn).

I suggest going with OAuth 1 or the OAuth 2 User Agent Flow, if your mind is set on OAuth. You can always go for simple basic authentication to get started and focus on the really difficult part, namely the design of your API.

If your mind is set on OAuth, check out this list of code libraries: http://oauth.net/code/ . Also read the specifications: if you want to implement an OAuth provider, you need to know and understand the specifications. Otherwise you are in for a world of pain hunting for ready-made libraries that will do all the "OAuthy" stuff for you.

+5
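The question asks how a server maps auth tokens to users. The following is an added example (not code from the question, the answer, or any of the named providers) of the simplest server-side piece of that mapping for a Java REST back-end: opaque bearer tokens whose SHA-256 hash, not the token itself, is stored against the user ID and an expiry. The class and record names (`TokenStore`, `Grant`) are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Opaque bearer tokens for a REST back-end: the token is random, and only its
// SHA-256 hash is kept server-side, mapped to the owning user id and an expiry.
public final class TokenStore {
    // Hypothetical record (Java 16+): what the server keeps per issued token.
    public record Grant(String userId, long expiresAtMillis) {}
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Grant> grantsByHash = new ConcurrentHashMap<>();

    // Issues a token for userId, valid for ttlMillis; the clear token is returned
    // once to the client and never stored.
    public String issue(String userId, long ttlMillis) {
        byte[] raw = new byte[32];                          // 256 bits of entropy
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        grantsByHash.put(hash(token), new Grant(userId, System.currentTimeMillis() + ttlMillis));
        return token;
    }

    // Resolves a presented token to a user id; empty if unknown, revoked or expired.
    // Looking up by hash avoids comparing secrets byte-by-byte in application code.
    public Optional<String> resolve(String token) {
        String key = hash(token);
        Grant g = grantsByHash.get(key);
        if (g == null) return Optional.empty();
        if (System.currentTimeMillis() >= g.expiresAtMillis()) {
            grantsByHash.remove(key);                       // expired: forget it
            return Optional.empty();
        }
        return Optional.of(g.userId());
    }

    // Logout or server-side revocation: the token stops resolving immediately.
    public boolean revoke(String token) {
        return grantsByHash.remove(hash(token)) != null;
    }
    private static String hash(String token) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return Base64.getEncoder().encodeToString(md.digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
        }
    }
}
```

In production the map would be a database table keyed by the hash, and an OAuth provider layered on top would issue these tokens only after the authorization step of whichever flow you pick.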

Source: https://habr.com/ru/post/1385791/
