I am trying to implement:
- MVC Web API Server for On-Demand Content Return (REST Server)
- OAuth 2.0 Central Authentication Server (e.g. OWIN)
- Android Third-Party Application
The scenario is as follows: the Android application application requests content on the REST server, if its token has expired, the REST server makes a request on the authentication server to identify the client. The REST server must be registered using its own [id, secret] on the authentication server, and then the Android application must be notified for identification on the central authentication server using the end user [username, password] and the Android application [id, secret] .
Therefore, the REST server must be registered on the authentication server using a fixed [id, secret] . The Android application must be registered on the authentication server using a fixed [id, secret] and end user [username, password] .
Thus, the problem lies in most samples on cookie sessions using web usage that cannot be used through the REST server and the non-browser end user (at least this is not recommended). I did not find a clear example explaining the implementation of this scenario or even some part of it, all I found are some pieces of code for beginners. Thank you for your help.
source share