I am writing an iPhone application in which user sign in, and than read his messages and can also post messages. I am planning to use oAuth in 2legged scenerio, because in 3legged the flow is not smooth as opening the browser even in application does not seem to be comfortable. Is it best to use 2-legged version in this scenario.
Note: The server side API is written in .net (C#).
From a definition of 2- vs. 3-legged OAuth:
3-legged OAuth describes the scenario for which OAuth was originally
developed: a resource owner wants to give a client access to a server
without sharing his credentials (i.e. username/password). A typical
example is a user (resource owner) who wants to give a third-party
application (client) access to his Twitter account (server).2-legged OAuth, on the other hand, describes a typical client-server
scenario, without any user involvement. An example for such a scenario
could be a local Twitter client application accessing your Twitter
account.
What you have described is perfectly valid and only difference between them is that 2-legged Oauth system is derived from Original to enhance some sort of user experience which in 3-legged application can be confusing.
In fact most of REST API calls made on the Internet using OAuth are made using 2-legged OAuth.
here is a link which descried these things in details
2-legged or 3-legged
I will certainly go for 2-legged option