OAuth2: configuring the server's "client_id" and "client_secret" for the password grant type

I am new to creating an OAuth2 server and was hoping that someone could help me shed some light on a couple of things.

This is the package I am implementing :
https://github.com/lucadegasperi/oauth2-server-laravel

From what I read about this package, I am very sure that the "password" / "Resource Owner" grant_type is what I should use to configure access to the API for mobile applications, like a mobile banking application (sensitive data).

Link OAuth2 specification :
http://tools.ietf.org/html/rfc6749#section-4.3

The OAuth2 specification states that the client must already be authenticated, so there are 5 general parameters that must be passed in order to get the access token:
- grant_type ('password')
- username
- password
- client_id
- client_secret

I have 2 questions regarding this :

  • Are Android and iOS apps able to ensure client_id and client_secret privacy? ("client" is an application or device, not a user).
  • "client_id" "client_secret" ? ( client_ids client_secrets client_id client_secret, .)

, "oath_clients" .

!

+4
1
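The token request the question lists, with all five parameters, is the exchange from RFC 6749 section 4.3. The following is an added example (not code from the question, the answer, or the oauth2-server-laravel package) showing both sides of that exchange in plain Python: a client-side helper that builds the form body, and a minimal server-side token endpoint that checks the grant type, authenticates the client against a hashed secret, verifies the resource owner's credentials, and returns the section 5.1 / 5.2 response. The client registry, user table and token format are constructed stand-ins. The `confidential` flag is there to make the point behind the question visible in code: RFC 6749 section 2.1 classifies native mobile apps as public clients precisely because they cannot keep a client_secret, so a server that relies on the secret alone to identify a mobile app is relying on a value the app cannot protect.

```python
"""Minimal OAuth 2.0 password-grant token endpoint (RFC 6749 section 4.3).

Added example, not code from the question or from oauth2-server-laravel.
Client registry, users and the token format below are constructed stand-ins.
"""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode


def _h(value: str) -> str:
    # Constructed hashing helper; a real server would use a salted password hash.
    return hashlib.sha256(value.encode()).hexdigest()


# Constructed client registry: secrets are stored hashed, never in plain text.
# "confidential" follows RFC 6749 section 2.1: a native mobile app cannot keep
# a secret and should be registered as a public client instead.
CLIENTS = {
    "mobile-banking-app": {"secret_hash": _h("example-client-secret"), "confidential": True},
}

# Constructed resource-owner table.
USERS = {"alice": _h("correct horse battery staple")}


def build_token_request(client_id, client_secret, username, password, scope=None):
    """Client side: application/x-www-form-urlencoded body of a section 4.3.2 request."""
    params = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if scope:
        params["scope"] = scope
    return urlencode(params)


def _matches(stored_hash: str, presented: str) -> bool:
    # Constant-time comparison of the stored hash with the hash of the presented value.
    return hmac.compare_digest(stored_hash, _h(presented))


def handle_token_request(body: str):
    """Server side: returns (http_status, response_dict) per sections 5.1 and 5.2."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    for required in ("username", "password", "client_id"):
        if not form.get(required):
            return 400, {"error": "invalid_request"}

    # Client authentication (section 3.2.1): fail closed on an unknown client
    # or a wrong secret, and do not distinguish the two cases in the response.
    client = CLIENTS.get(form["client_id"])
    if client is None or not _matches(client["secret_hash"], form.get("client_secret", "")):
        return 401, {"error": "invalid_client"}

    # Resource-owner credentials (section 4.3.2): one error for unknown user
    # and wrong password so the endpoint does not reveal which usernames exist.
    user_hash = USERS.get(form["username"])
    if user_hash is None or not _matches(user_hash, form["password"]):
        return 400, {"error": "invalid_grant"}

    # Section 5.1 success response; the token value itself is a constructed random string.
    return 200, {
        "access_token": secrets.token_urlsafe(32),
        "token_type": "Bearer",
        "expires_in": 3600,
    }


if __name__ == "__main__":
    body = build_token_request("mobile-banking-app", "example-client-secret",
                               "alice", "correct horse battery staple")
    print(body)
    print(handle_token_request(body))
```

The two checks are deliberately separate: `invalid_client` (401) is about the application presenting the request, `invalid_grant` (400) is about the user. On a server where the client_secret ships inside a mobile binary, the first check only tells you which build of the app is calling, not that the call came from an unmodified copy of it, which is the limitation the question is circling around.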

client_id client_secret, client_id client_secret. OAuth 2.0 , OAuth 2.0 , client_id client_secret.

  • client_id client_secret
  • , client_id client_secret.

client_id client_secret , .

  • .
  • .
  • .
  • client_id client_secret.
  • .
  • .

client_id, client_id . , , , "device_id" - , . :

GET /protected_resource?access_token=.....&device_id=.....

, . OAuth 2.0 , . " 9. ".

,
, -
.

+5

Source: https://habr.com/ru/post/1534754/
