Re: [Dev] EMM OAuth Implementation - Android - Storing Consumer Secret

Thu, 17 Apr 2014 01:43:31 -0700 

Is consumer/secret key unique to a user or is it unique to the app?


On Thu, Apr 17, 2014 at 12:20 PM, Chan <[email protected]> wrote:

> +1 to the idea since basic auth will be first used to obtain the consumer
> secret. But we might have to change the flow from how it usually work.
>
> Cheers~
>
>
> On Thu, Apr 17, 2014 at 12:17 PM, Kasun Dananjaya Delgolla <
> [email protected]> wrote:
>
>> Hi All,
>>
>> We're going to protect all the API calls from EMM client side using OAuth.
>>
>> I have a concern whether to store the consumer key/secret inside the EMM
>> Agent Application or making it dynamic. We can actually send those 2 when
>> the user authenticates from the mobile client (As the response), and then
>> we can store it inside a private preference (Which is application private).
>>
>> I see this as the safest way because keeping it hardcoded in the source
>> or a file might be extremely easy to hack. So WDYT?
>>
>> Regards,
>> --
>> Kasun Dananjaya Delgolla
>>
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>> Tel:  +94 11 214 5345
>> Fax: +94 11 2145300
>> Mob: + 94 777 997 850
>> Blog: http://kddcodingparadise.blogspot.com
>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya
>> <http://lk.linkedin.com/in/kasundananjaya>*
>>
>>
>>
>> --
>> Kasun Dananjaya Delgolla
>>
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>> Tel:  +94 11 214 5345
>> Fax: +94 11 2145300
>> Mob: + 94 777 997 850
>> Blog: http://kddcodingparadise.blogspot.com
>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya
>> <http://lk.linkedin.com/in/kasundananjaya>*
>>
>
>
>
> --
> Chan (Dulitha Wijewantha)
> Software Engineer - Mobile Development
> WSO2Mobile
> Lean.Enterprise.Mobileware
>  * ~Email       [email protected] <[email protected]>*
> *  ~Mobile     +94712112165 <%2B94712112165>*
> *  ~Website   dulitha.me <http://dulitha.me>*
> *  ~Twitter     @dulitharw <https://twitter.com/dulitharw>*
>   *~Github     @dulichan <https://github.com/dulichan>*
>   *~SO     @chan <http://stackoverflow.com/users/813471/chan>*
>



-- 
Regards,

Chatura Dilan Perera
*(Senior Software Engineer - WSO2 Inc.)*
www.dilan.me

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to