+1 to the idea since basic auth will be first used to obtain the consumer secret. But we might have to change the flow from how it usually work.
Cheers~ On Thu, Apr 17, 2014 at 12:17 PM, Kasun Dananjaya Delgolla <[email protected]>wrote: > Hi All, > > We're going to protect all the API calls from EMM client side using OAuth. > > I have a concern whether to store the consumer key/secret inside the EMM > Agent Application or making it dynamic. We can actually send those 2 when > the user authenticates from the mobile client (As the response), and then > we can store it inside a private preference (Which is application private). > > I see this as the safest way because keeping it hardcoded in the source or > a file might be extremely easy to hack. So WDYT? > > Regards, > -- > Kasun Dananjaya Delgolla > > Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > Tel: +94 11 214 5345 > Fax: +94 11 2145300 > Mob: + 94 777 997 850 > Blog: http://kddcodingparadise.blogspot.com > Linkedin: *http://lk.linkedin.com/in/kasundananjaya > <http://lk.linkedin.com/in/kasundananjaya>* > > > > -- > Kasun Dananjaya Delgolla > > Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > Tel: +94 11 214 5345 > Fax: +94 11 2145300 > Mob: + 94 777 997 850 > Blog: http://kddcodingparadise.blogspot.com > Linkedin: *http://lk.linkedin.com/in/kasundananjaya > <http://lk.linkedin.com/in/kasundananjaya>* > -- Chan (Dulitha Wijewantha) Software Engineer - Mobile Development WSO2Mobile Lean.Enterprise.Mobileware * ~Email [email protected] <[email protected]>* * ~Mobile +94712112165* * ~Website dulitha.me <http://dulitha.me>* * ~Twitter @dulitharw <https://twitter.com/dulitharw>* *~Github @dulichan <https://github.com/dulichan>* *~SO @chan <http://stackoverflow.com/users/813471/chan>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
