Good morning.
I have a REST web service implemented and I am working on its security at the moment.
This web service has been implemented using Spring Boot. Initially I will have an Android app and a web app as clients, but in the future I am thinking about making this API public, so I have to think about this too.
I’ve done a lot of research on Spring Security OAuth2, but I have basically two questions:
- All the examples I’ve seen so far have been using a web app client, where the server redirects to the authentication URLs. In an Android application, how is this authentication done? After all, I’m not working with HTML on Android to be redirected.
- I need to log in to Facebook, where the user can share from the app. Initially I thought about the possibility of the app’s clients being responsible for performing this authentication and somehow sending it to my server later, because I think it would be more practical than Spring Social. Is that possible?
Thank you very much, and all tips on the architecture of my use case will be welcome.
That’s an interesting question. In the case of the Android app, I would authenticate without the redirect, instead calling a service that would return the authentication ticket to me and then waiting for the answer to follow the proper flow in the app. And the second question is exactly what I would do too. I would implement everything on the server side. When it’s a mobile app, it’s always good to leave processing to the server side, because there aren’t many native features to do a lot of things.
– Giuliana Bezerra
Thank you so much for the comment!!! I agree with your reasoning, but I wanted some framework to support me on this, because when it comes to security there are N concerns that a framework would solve. Do you know something about that?
– Danilo Andrade