I am trying to figure out what the best choice would be in terms of security for a web application that might (in the future) also be used with a dedicated Android app.
So far, the possible choices I've been through are OAuth (2-legged) and Basic HTTP Authentication via TLS. Please keep in mind that when I refer to OAuth, I am considering both OAuth 1.0a and OAuth 2.0, of course as different alternatives. Here are my doubts:

1) First, would it make any sense nowadays to set up a security system based on OAuth 1.0a? Should it be considered "too old" and hence a completely wrong pick?

2) I can't figure out a real-world scenario where 2-legged OAuth is clearly a better option than HTTP(S) Auth. What extra bonuses do I get from it?

3) Given that I'm not a veteran security expert, would OAuth be a reasonable choice?

4) Are there support frameworks or other third-party auxiliary tools that one may use in order to obtain a secure-reliable-trustworthy implementation of OAuth in less time and/or with less effort than just trying to figure it out completely by him/herself?