Friday, 16 December 2016

Authentication & secure API access for native & mobile Applications - Dominick Baier



Modern native & mobile applications have requirements like authenticating a user and securely accessing APIs on behalf of that user. Since those application types have access to advanced platform and OS features like cryptography and secure storage we can enable advanced features like mobile single sign-on, seamless token lifetime management and other advanced security features. The OpenID Connect and OAuth 2.0 hybrid flow alongside some new specification like PKCE and PoP are a perfect match for these scenarios.


source: ndc

No comments :

Post a Comment