Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
In general, OAuth is used when a web service needs to authorize 3rd party access to a secure resource.
However, if I have my own mobile app, and my own web service, and I am not exposing my API to 3rd party apps in the foreseeable future, is there any reason to use OAuth to authenticate the user? What are the pros and cons of using OAuth in this case?
One of the biggest advantages to consuming your own APIs in the same way that a 3rd party would is that you are dogfooding your own systems. Doing so tends to lead to a much better product overall because you will usually iron out flaws and hiccups sooner, since they impact you directly and it isn’t just 3rd-party consumers notifying you of issues.
Another advantage of using OAuth is that you don’t have to re-invent to wheel and it’s already a very well supported mechanism. Users are fairly familiar with it as well, so you are keeping the barrier to entry (and to maintain) lower than if you went a different route.
Since you are not expecting to expose the API to anyone else right away, the advantages are, as you suspected, smaller, but if you are hopping to expose it down the road, you will be miles ahead of the game by forcing yourself to use it right out of the gate.
One downside is that OAuth is a bit more complex than other possible authentication mechanisms, but I still think the net-gain from not reinventing the wheel outweighs the slight extra complexity.