I’m looking for a protocol to secure a connection between a mobile device and a web service. I want to ensure that only the mobile device can perform actions on the web service and vice versa. Data doesn’t need to be encrypted.
I know OAuth, but it seems that it’s more used to secure connections when you have 3 different entities (Server, Consumer and Auth). Here, the Consumer and the User would be the same person.
Is there a simple protocol to do that (without requiring the user to log in and then authorize the access token like it is the case for OAuth)?
I need to use it on different platforms, so the protocol needs to be available at least on iPhone and PHP.
I found a solution: use a “2-legged OAuth” protocol.
This way, I stick to the standard, I don’t have to reinvent the wheel and I have a secured solution.
As the consumer and the user are the same for me, I simply authorize automatically the “request tokens” that the consumer is asking for when I see that the consumer is logged in as the user!
What I’m doing is:
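As an added illustration of the 2-legged flow the answer above refers to (this is not the poster's own code; the consumer key, secret and URL are constructed samples), here is RFC 5849 HMAC-SHA1 signing on the client side and the matching verification on the server side, including the timestamp window and nonce check that stop a captured request from being replayed:

```python
"""Two-legged OAuth 1.0 (RFC 5849): only a consumer key/secret, no access token."""
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

CONSUMER_KEY = "mobile-app-key"                    # constructed sample credentials
CONSUMER_SECRET = "s3cr3t-shared-at-provisioning"  # provisioned into the app, never sent

def pct(s):
    # OAuth percent-encoding: only unreserved characters stay as-is
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())   # encode, then sort
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # 2-legged: there is no token, so the second half of the key is empty
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def build_request(method, url, query, key, secret, nonce=None, ts=None):
    """Client side: add the oauth_* parameters and sign everything."""
    params = dict(query)
    params.update({"oauth_consumer_key": key, "oauth_signature_method": "HMAC-SHA1",
                   "oauth_timestamp": str(ts if ts is not None else int(time.time())),
                   "oauth_nonce": nonce or secrets.token_hex(8), "oauth_version": "1.0"})
    params["oauth_signature"] = sign(method, url, params, secret)
    return params

SEEN_NONCES = set()   # in production: a store shared by all web servers, expired by window

def verify_request(method, url, params, secrets_by_key, now=None, window=300):
    """Server side: known consumer, fresh timestamp, unused nonce, valid signature."""
    now = now if now is not None else int(time.time())
    secret = secrets_by_key.get(params.get("oauth_consumer_key"))
    if secret is None or params.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    try:
        if abs(now - int(params.get("oauth_timestamp", ""))) > window:
            return False
    except ValueError:
        return False
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, secret).encode()
    if not hmac.compare_digest(expected, str(params.get("oauth_signature", "")).encode()):
        return False
    nonce_id = (params["oauth_consumer_key"], params["oauth_timestamp"], params.get("oauth_nonce"))
    if nonce_id in SEEN_NONCES:      # same nonce + timestamp seen before: replay
        return False
    SEEN_NONCES.add(nonce_id)
    return True
```

The oauth_* values travel in the Authorization header or the query string, while the secret never leaves the device, which is what gives the "only this client can call the service" property the question asks for.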