WSO2 API Manager - How does mobile app connect to API Manager?

浪子不回头ぞ 提交于 2021-02-10 13:36:55

问题


We have a mobile app which is required to go through WSO2 API Manager to access some APIs. Because of oauth2 authentication, we need to store username & password in mobile app, is it safe? for example, username & password could be used to logon API Store, Is there any alternative solutions for this situation?


回答1:


You can use 'User Access Token'. That is the recommended approach for mobile apps. Refer to this WSO2AM doc for more info. The following blog posts also has some detailed explanation.

http://charithaka.blogspot.com/2013/07/oauth-20-grant-types-with-wso2-api_16.html http://lalajisureshika.blogspot.com/2012/11/generate-application-tokens-user-tokens.html




回答2:


You could use username and password under password grant type once to get the access token by hitting the token endpoint. After that just use the refresh token to renew your access token that way you will not have to store username and password in your mobile sandbox. Check the documentation on renewing the access token. It is necessity to keep this access token and refresh token securely in your mobile sandbox. For this you could use a secured sandbox approach like a keystore, keychain etc. based on your mobile platform with proper security in place such as encrypting them etc. Even if you willing to use the username and password for subsequent requests to request for a token again and again you could use this approach to store those credentials as well.



来源:https://stackoverflow.com/questions/18456399/wso2-api-manager-how-does-mobile-app-connect-to-api-manager

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!