api - Why application user token need be used for mobile applications -

-

in wso2 apim, according documentation on generating user access token [1]: https://docs.wso2.org/display/am140/generating+access+tokens+to+invoke+apis , says ' user-level tokens allow users invoke api third-party application mobile app'.

  1. are these user access tokens used avoid client_id , client_secret exposed via untrusted mobile applications?
  2. if so, when creating application user token, token api [2]: https://docs.wso2.org/display/am160/token+api , in below request

curl -k -d "grant_type=password&username=&password=&scope=production" -h "authorization: basic svpzswk2seriqjvlofzlzfpbblvpx2zam2y4ytphbtbisjzvv1y4zkm1t1fmtgxdnmpzbefdvzhh, content-type: application/x-www-form-urlencoded"

username , password , encoded string of client_id:client_secret sent create new token. mean user_name, password , encoded client_id:client_secret need have saved in mobile application? if so, since mobile application can decompiled , extract these information(even decoding base64 encoded string of client_id:client_secret) client_id , client_secret exposed others.

how handled in wso2 apim? please correct me if have misunderstood concept here.

your understanding correct. in mobile application case, believe based on app design.

for example, when mobile user login mobile app, app has authenticate central system, run on apimanager server. system, internally, hard codes secret key , consumer key make request backend. so, when user authenticates central system, user's login session, username, password extracted make api call. thats how, server manage throttling also. not like, mobile app contains logic.


Comments

Post a Comment

Popular posts from this blog

java - Intellij Synchronizing output directories .. -

-
i trying build project, run in debug mode , keep getting "synchronizing output directories" in intellij. takes around 5-10 minutes actual build. project empty , stored on local drive. tried invalidate catche has not worked. out of ideas .. had similar issues? most likely, of data on network drive or in profile being synchronized network drive. if on windows, try moving .ideaxxx/system directory , work directory somewhere else on c: drive.
Read more

git - Initial Commit: "fatal: could not create leading directories of ..." -

-
i trying make initial commit git repository on github unity project. followed along this guide am. note: reason or another, couldn't set unity's asset serialization mode force text, settled on mixed (which believe should work). when call git clone --bare . , error. note not creator of repository , contributor (though making initial commit). here's in terminal (i'm using git bash): welcome git (version 1.8.4-preview20130916) run 'git git' display index. run 'git <command>' display specific commands. cheddar@cheddar-pc ~ $ cd documents/ics168swarch/ cheddar@cheddar-pc ~/documents/ics168swarch $ git init initialized empty git repository in c:/users/cheddar/documents/ics168swarch/.git / cheddar@cheddar-pc ~/documents/ics168swarch (master) $ git add . warning: lf replaced crlf in assets/prefabs.meta. file have original line endings in working directory. warning: lf replaced crlf in assets/prefabs/pellet.prefab.meta. file have original
Read more