How to authenticate a mobile App without username and password?

Question

I\'m building a Webapp that uses OpenId to authenticate users, like Stackoverlfow does. There will be a mobile App too, e.g. Android or iPhone. These Apps have to authenticate o

Answer 1

The current OAuth specification (RFC5849) still requires that the user enter their credentials to the website that holds the protected resource. On a mobile app this user experience is not the best (as you pointed out requires the mobile app to display the auth page with a integrated web view). OAuth 2.0 addresses this issue by specifying different Access Grant types. This standard is still in draft. Until then, your best bet is probably to modify the flows of OAuth 1.0 to suit a mobile device as a number of big sites are already doing (e.g Twitter with xAuth and Dropbox with their developer API).