Chapter 6. Getting Access to User Data from Mobile Apps

There are two main classes of mobile applications: mobile-optimized web apps, which use HTML5 and other web technologies, and native mobile applications. While mobile-optimized web apps can use the traditional OAuth client-side or Web Application flows with some special consideration for user experience, native mobile applications require additional considerations.

Why You Should Use OAuth for Native Mobile Apps

When building a native mobile app, there are two primary reasons you should consider using OAuth:

Access to your own APIs

Many mobile applications have backend servers that they use to keep track of user data. Perhaps your app is a game and stores high scores and level completion data in a server-side database to enable social functionality or to support playing the game on multiple platforms. In this case, your app needs to communicate with the backend using an API, typically a REST-based HTTP API. OAuth is a great way to handle API authorization for these types of applications, and it enables you to build and maintain only one interface for users to log in to your application, whether they’re on the Web or using your native mobile companion app.

Access to APIs from other providers

Some API providers may require you to use OAuth for API authorization. However, for those that don’t, there are still several great reasons you want to use OAuth for native mobile apps: you have an obligation to help users stay safe and also a desire ...
