Android
motomac, 2015-05-27 13:41:58

How to organize REST API with OAuth 2.0 and JWT for mobile applications?

I'm making an API for mobile applications. The API should work for the native mobile app and also, in the future, for third parties. To authenticate my own application, I follow the instructions in the documentation (Client Credentials Grant), i.e. I pass authorization data (client_id, client_secret) from the application directly to the server and get a JWT (JSON Web Token) back.
Here the question arose: do I need to identify applications (my application on Android and iOS) or user devices?
- If the first, then formally, at the time of authentication, all devices on the same platform look like one person to the server. Accordingly, the JWT secret will be the same for all users of the iOS application.
- If the second, then the authorization data must include, besides client_id and client_secret, some unique device_id, which is then stored in a separate table along with its corresponding JWT secret.
Am I thinking right, and which path should I choose?
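The second option described in the question (a Client Credentials check followed by a per-device table of JWT secrets), as an added illustration that is not part of the original post. The CLIENTS and DEVICES dicts, the register_device, issue_jwt and verify_jwt names, and the constructed client secret are assumptions; the in-memory dicts stand in for the database tables, and signing uses only the standard library.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed sample data: the app's client credentials (one pair per platform build)
CLIENTS = {"android-app": "constructed-client-secret"}
# Per-device table: device_id -> the JWT signing secret issued to that device
DEVICES = {}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def register_device(client_id, client_secret, device_id):
    """Client Credentials check, then give this device its own secret and first token."""
    expected = CLIENTS.get(client_id)
    if expected is None or not hmac.compare_digest(expected, client_secret):
        raise PermissionError("invalid client credentials")
    DEVICES[device_id] = secrets.token_bytes(32)   # never shared with other devices
    return issue_jwt(device_id)

def issue_jwt(device_id, ttl=3600):
    """HS256 JWT signed with the device's secret; kid tells the verifier which row to read."""
    now = int(time.time())
    header = {"alg": "HS256", "typ": "JWT", "kid": device_id}
    payload = {"sub": device_id, "iat": now, "exp": now + ttl}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(payload).encode())
    sig = hmac.new(DEVICES[device_id], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def verify_jwt(token):
    """Return the payload if the token is valid for a known device, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_unb64(h))
        key = DEVICES[header["kid"]]          # unknown or revoked device -> KeyError
        if header.get("alg") != "HS256":      # never let the token choose the algorithm
            return None
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(s)):
            return None
        payload = json.loads(_unb64(p))
        if payload["sub"] != header["kid"] or payload["exp"] < time.time():
            return None
        return payload
    except (ValueError, KeyError, TypeError):
        return None
```

Deleting a row from DEVICES revokes only that device's tokens, which is the property the shared-secret option cannot give.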


1 answer(s)
Viktor Koltcov, 2015-05-27
@Vityarik

It depends on what you want to get: do you want only your own applications to be able to work with the API?
