Android
hAlex, 2013-12-07 00:19:44

How to organize user authentication on the backend server?

Hello gentlemen.
Authentication on the server can be done through login + password or OAuth; we get a token and work with the API.
But the application can work in the background, and if the token expires, you need to quietly re-authorize. If you store the username and password on the device, this is possible, but if it has to be done through OAuth, there is no way without user interaction, and I'm in a stupor.
The options:
1) If we use OAuth to log in, issue two tokens: the first to make requests to the API, and the second to receive a new token.
2) Issue an immortal token (I use HTTPS).
3) I feel that there is a better option and I need to find it.
Please tell me how to think correctly in this case.


3 answer(s)
eremeevdev, 2014-01-13
@hAlex

You may find this link useful: Verifying Back-End Calls from Android Apps

Alexander, 2013-12-07
@kryoz

As far as I have observed the behavior on different projects, OAuth is used primarily to establish a relationship with its account base. That is, if your application does not work directly with the social network API, then it makes sense to use your account database and operate with your token to maintain the session. Seems trivial. Or am I missing something?

Yuri Yarosh, 2013-12-07
@d00mko

Perhaps it would be easier to implement a method for extending the lifetime of the token in the case of running an application in the background?
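
Option 1 from the question (one token for API calls, a second one to obtain a new pair in the background) sketched as server-side code. This is an added example, not code from any poster in the thread; the class name, the TTL values and the in-memory dictionaries are assumptions standing in for the backend's own database.

```python
import hashlib, secrets, time

ACCESS_TTL = 15 * 60          # assumed: short-lived API token, in seconds
REFRESH_TTL = 30 * 24 * 3600  # assumed: long-lived refresh token, in seconds

def _h(token):
    # Store only a hash so a database leak does not expose usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class TokenService:  # hypothetical name, in-memory storage for illustration
    def __init__(self, clock=time.time):
        self.clock = clock
        self.access = {}      # hash -> (user, family, expires)
        self.refresh = {}     # hash -> [user, family, expires, used]
        self.revoked = set()  # token families killed after suspected theft

    def _issue(self, user, family):
        now = self.clock()
        a, r = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[_h(a)] = (user, family, now + ACCESS_TTL)
        self.refresh[_h(r)] = [user, family, now + REFRESH_TTL, False]
        return a, r

    def login(self, user):
        # Call only after the password or OAuth login has succeeded.
        return self._issue(user, secrets.token_hex(8))

    def authenticate(self, access_token):
        rec = self.access.get(_h(access_token))
        if not rec or rec[1] in self.revoked or rec[2] <= self.clock():
            return None
        return rec[0]

    def rotate(self, refresh_token):
        # Background re-authorization: no user interaction required.
        rec = self.refresh.get(_h(refresh_token))
        if not rec or rec[1] in self.revoked or rec[2] <= self.clock():
            return None
        if rec[3]:
            # A refresh token presented twice means a copy exists somewhere:
            # revoke the whole family so both holders must log in again.
            self.revoked.add(rec[1])
            return None
        rec[3] = True  # single use: each refresh token is valid for one rotation
        return self._issue(rec[0], rec[1])
```

Compared with option 2 (an immortal token), a stolen access token here stops working after `ACCESS_TTL`, and a stolen refresh token is detected the first time both the thief and the device try to use it.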
