I want to get an OAuth access token client-side (iPhone) and send my token back to my server Request gdata from user; Actually I have a question, is it safe? Can someone smell a connection and use it tokens and make it worthless?
Google allows you to authenticate 'unregistered' applications in the form of 'anonymous' as a consumer key and in 'HMAC-SHA1' signature. Mode, which I am doing, then I am passing an acquired access token server-side to manipulate my data. It works which is great, but I have security concerns about the solution.
Thanks for your comments!
Is your server safe? Are you issuing a request using https? Apart from this, what question is being registered to get the real consumer key / secrets? An access token for the consumption key / secret is only good, which generates it. If you are registered, it will add another level of security (that your Consumer Key / Incognito will be known to you only), but I always suggest that communication from your app to your server should be done on a secure connection. / P>
Comments
Post a Comment