Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I recently read a question about a simple, secure API authentication system and see that 2-legged OAuth is a good solution to go with. But say I am just creating my own iPhone app, and would like it to interface with my own private API. Is 2-legged OAuth appropriate in this situation? Are there any disadvantages to taking this route?
Is the user of the iphone client logging in with someone or are you just trying to authenticate the client ?
If the former, then use oauth and have the user log in to some openid provider. Its actually what that is meant for.
If the later ( and it sounds like this is what you are doing), just create some secret and append it as a get request to everything and operate over https. It sounds insecure, but anything else you do will be just as bad. Any crypto/w/e solution you make will involve baking a secret into your code. If someone grabs that secret ( via say a decompiler) then they can fake w/e system you use anyway.