Mike,
If you are new to OAuth, I suggest you play with the OAuth Java
Library in a servlet without JAX-RS first so you can use the examples
provided. You may come to the conclusion that JAX-RS isn't the right
technology for this, like we did. JAX-RS may buy you something if you
plan to use WADL.
iPhone apps can register custom protocol handlers and then pass a callback
url like apphandler://callback/url/here
There is a detailed explanation of how this process works that I found
here:
http://www.mobileorchard.com/apple-approved-iphone-inter-process-communication/
I'm pretty sure that this
John/Zhihong,
I would like to add something to the 'client being unprotected with the
consumer secret'.
A client can be a reliable consumer if it protects the secret. It's
true that clients are easier to crack than a consumer that is a web
server, but again the server consumer can also be broken.
I've read that an iPhone app can't retrieve Key Chain items that were
stored by other apps.
http://www.softwareops.com/blogs/iPhone/iPhoneDevBlog_files/b4452aa19b4b4d6fb2a7c149dbacaa75-33.html
If true, the Key Chain would be a good place to store token secrets.
On Jul 26, 11:25 am, Monis
Monis,
I agree it's harder to steal a secret from a binary but it's not much
harder. You can simply set up a breakpoint and read out the secret from
a debugger for most apps. You can throw a few more hurdles by using an
obfuscator. That will stop me but that's no match for hackers either.
OAuth's