D
D
Denis2016-06-18 18:19:53
Android
Denis, 2016-06-18 18:19:53

How to organize secure authorization of an android application?

You need to make authorization for the android application. I communicate with the server via REST.
Here is an example diagram derived from my knowledge.
We ask for a login and password
We create their hash We
send a hash to the server via HTTPS
If ok, then the server returns idsession / token, which we use in all subsequent requests (passing it in the request headers)
Encrypt and store the hashes of the login and password on the device
When the session expires again send hashes to the server automatically
Please help improve the authorization scheme)

Answer the question

In order to leave comments, you need to log in

1 answer(s)
I
Ivan, 2016-06-18
@LenLord

Secure authorization for whom exactly do you want?
To make it impossible to communicate with your server not through the application, pretending to be it? - this is impossible, you can only increase the labor costs for such a fake

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question