OAuth

Why does MobileSmith use OAuth?

Security is the primary reason we use OAuth.  Much like our data integration strategy, we don’t want to store any secure data or user information on any MobileSmith servers.  OAuth allows you to control access to your secure resources, while still having the benefits of quickly creating rich, native apps.

We also use OAuth because it is the standard way apps in the industry obtain delegated access to a user’s data.  Ever see an app that asks you to sign up or sign in using Facebook?  That login is built on OAuth 2.0.

What is OAuth?

OAuth (Open Authorization) is an open standard for delegated authorization.  It gives an application (the client) secure access to server resources on behalf of the resource owner (the user).  OAuth specifies the process by which the resource owner authorizes third-party access to their server resources without sharing their login credentials with that third party.  Instead of a username and password being passed back and forth between an app and a server, the user signs in at the authorization server, which then issues an access token to the application.  Once the application (client) holds the access token, it presents that token, rather than the user’s password, on every request, so resources can be accessed securely without the app ever seeing a username or password.

In the above description, the “application” or “client” is the MobileSmith platform and/or the app made in the MobileSmith platform.  The “resource owner” is your end user, the person whose data is being accessed.  The “resource server” is the server, run by you or your provider, that hosts the data being accessed by the MobileSmith platform/app.  The “authorization server” (which may be the same server as the resource server) is the server responsible for authenticating users, obtaining their consent, and issuing the access tokens that the application later uses to get data.  The “authorization server”, by definition, is not, and cannot be, a MobileSmith server, as we do not want to get or see your users’ login credentials.

Ultimately, the server containing your data needs to be sure that anyone accessing it is supposed to be accessing it.  In most methods of authentication, including OAuth, some “thing” needs to be passed between the user’s device and the server: session tokens, cookies, a username/password sent over an encrypted connection, and so on.  For OAuth, that “thing” is an access token, which the app sends with each request (normally in the HTTP Authorization header, and always over HTTPS, because anyone who obtains the token can use it until it expires or is revoked).  The question is, “How does a user get an access token from the server?” Well, here goes!
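To make the exchange above concrete, here is an added example (not code from the MobileSmith platform or from this page) of the OAuth 2.0 authorization code flow as a native app would drive it: build the authorization request, check the redirect that comes back, build the request that exchanges the code for an access token, and attach the token to a REST call.  The endpoint URLs, client ID, redirect URI, authorization code and token values are all constructed placeholders.  It also includes a state parameter and PKCE (RFC 7636), which this page does not mention but which are the standard protections for native apps; no network calls are made, the messages are built and parsed in memory.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints of YOUR authorization server (never a MobileSmith server).
AUTHORIZE_URL = "https://auth.example.com/oauth/authorize"
TOKEN_URL = "https://auth.example.com/oauth/token"
CLIENT_ID = "mobilesmith-demo-app"          # assumed client registration
REDIRECT_URI = "com.example.app://oauth/callback"  # assumed custom-scheme redirect


def challenge_for(code_verifier: str) -> str:
    """PKCE S256: challenge = BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_pkce_pair() -> tuple[str, str]:
    """Fresh random verifier (kept on the device) and its derived challenge."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    return verifier, challenge_for(verifier)


def build_authorize_url(state: str, code_challenge: str, scope: str = "read") -> str:
    """Step 1: the URL the app opens in the browser so the user signs in at the AS."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,                       # bound to this login attempt
        "code_challenge": code_challenge,     # PKCE: ties the code to this device
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(redirect_url: str, expected_state: str) -> str:
    """Step 2: the AS redirects back; verify state, then extract the one-time code."""
    query = parse_qs(urlparse(redirect_url).query)
    if "error" in query:
        raise PermissionError(query["error"][0])
    if query.get("state", [None])[0] != expected_state:
        # A mismatch means this redirect was not started by us: treat as CSRF and drop it.
        raise ValueError("state mismatch: discarding authorization response")
    return query["code"][0]


def build_token_request(code: str, code_verifier: str) -> dict:
    """Step 3: form body POSTed to TOKEN_URL; the AS checks the verifier against the challenge."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }


def bearer_headers(access_token: str) -> dict:
    """Step 4: every REST call to the resource server carries the token, never the password."""
    return {"Authorization": "Bearer " + access_token}


def demo() -> tuple[str, str, dict, dict]:
    """Walk the whole flow with constructed AS responses (no network)."""
    state = secrets.token_urlsafe(16)
    verifier, challenge = new_pkce_pair()
    authorize_url = build_authorize_url(state, challenge)

    # Constructed redirect, shaped as the AS would send it after the user consents.
    callback = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}"
    code = parse_callback(callback, state)
    token_request = build_token_request(code, verifier)

    # Constructed token response in the shape of RFC 6749 section 5.1.
    token_response = {"access_token": "2YotnFZFEjr1zCsicMWpAA",
                      "token_type": "Bearer", "expires_in": 3600}
    headers = bearer_headers(token_response["access_token"])
    return authorize_url, code, token_request, headers


if __name__ == "__main__":
    url, code, req, hdrs = demo()
    print("open in browser:", url)
    print("code from callback:", code)
    print("POST", TOKEN_URL, req)
    print("REST call headers:", hdrs)
```

The `state` check is what stops an attacker from injecting their own authorization code into your app’s callback, and the PKCE verifier is what stops anyone who intercepts that code (another app registered for the same URL scheme, for instance) from redeeming it, so neither should be dropped when wiring a real provider.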

How does it work?

Once the OAuth access method has been turned on for an app, we will provide you a configuration page that will contain all of the details you’ll need.  To ensure that the app will work once it’s on a mobile device, the Platform will attempt to authenticate on the authorization server from inside the browser (in a pop-up window).  Once successful, you’ll be able to make secure REST service calls in the Platform in order to configure new AppBlocks (those that require authentication).  Of course, once you get the app on your phone, you’ll need to authenticate in order to test the app.

What information will I need to setup OAuth in my app?

Questions to ask your OAuth provider

Once I have all the information, how do I setup OAuth in my app?

How to setup OAuth

Flowchart