How to authenticate a mobile App without username and password?

前端 未结 3 1703
清歌不尽
清歌不尽 2021-02-06 16:50

I\'m building a Webapp that uses OpenId to authenticate users, like Stackoverlfow does. There will be a mobile App too, e.g. Android or iPhone. These Apps have to authenticate o

3条回答
  •  囚心锁ツ
    2021-02-06 17:00

    The current OAuth specification (RFC5849) still requires that the user enter their credentials to the website that holds the protected resource. On a mobile app this user experience is not the best (as you pointed out requires the mobile app to display the auth page with a integrated web view). OAuth 2.0 addresses this issue by specifying different Access Grant types. This standard is still in draft. Until then, your best bet is probably to modify the flows of OAuth 1.0 to suit a mobile device as a number of big sites are already doing (e.g Twitter with xAuth and Dropbox with their developer API).

提交回复
热议问题