Thursday, June 6, 2024
HomeiOS Developmentoauth 2.0 - Can I securely use confidential consumer auth in an...

oauth 2.0 – Can I securely use confidential consumer auth in an iOS app if I’ve a server?


I’m attempting to know if I can do what I want to accomplish with Oauth with out creating safety points.

I’ve an iOS app that connects to a third social gathering oauth api presently utilizing PKCE auth. It shops the refresh/entry tokens within the keychain and as quickly as a refresh occurs the previous refresh token will get invalidated and the brand new one will get saved as a substitute. Refresh token rotation solely occurs for pkce auth, not for traditional confidential consumer auth.

I need to add some serverside capabilities with consumer accounts for customers that decide right into a sure characteristic, the place the server would additionally must have an energetic session for that consumer.

My present setup won’t work with this as a result of the third social gathering API invalidates the refresh token as soon as renewed, in order that signifies that the app and server aspect can’t preserve energetic periods.

So I’m questioning if there’s a that I can securely swap my utilization in my app to consumer credential move and perhaps have a server that steps within the center and has the consumer secrets and techniques in it, so the app might use consumer credential move after which ship a refresh token into the server for sure customers and the server can have an energetic session.
is that this doable?



Supply hyperlink

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments