What flow should we use for mobile applications?

Just as when developing any other type of client application, the flow to use should be decided based on the capabilities of the platform. However, mobile platforms are quite new and rich, so added attention is required when making this decision. The two main flows are still available to us: the implicit grant and the authorization code grant. Recall that the implicit grant is designed for use in untrusted clients, while the authorization code grant is designed for use with trusted clients. Further recall that trusted clients are clients that are able to securely store and transmit their confidential properties. So the question becomes: are mobile applications considered trusted or untrusted? ...
