django - OAuth2 server-side flow or client-flow for Facebook login on iOS app
I'm coding an API with Django + DRF, and the client is an iOS app. Users need to be able to authenticate with Facebook.
My initial thought was implementing the client-side flow: send the access token via HTTPS to the back end, retrieve the user info with the token, and register/log in the user on the back end. It seems this approach is popular since it's easier to implement using the Facebook iOS SDK.
Is there a security gain in using the server-side flow instead?
But I'm not sure about the implementation of the server-side flow. My understanding is that there is a link to the third-party OAuth endpoint (does it need a web view, or a link to the Facebook native app?) with a redirection URI embedded (the app's custom URL? myapp://...? Right?). The resource owner authenticates and is redirected to the client (the app). The iOS app gets the access code from the URL and sends the access code to the back end. The back end uses the id and secret along with the code to get the user access token (so it's never handled by the client).
Wouldn't that work?
Is it worth it security-wise?
In a mobile app, doesn't it make sense to use the client-side flow?
I understand that tokens gotten from the client-side flow are in some cases short-lived (depends on the provider), but that's not a problem since Facebook provides an endpoint to trade short-lived tokens for long-lived ones.
Thanks!
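An added example, not part of the original post: in the client-side flow described in the question, the back end can confirm that the token sent by the app was issued to its own Facebook app before using it to register or log in a user. It assumes the Graph API `debug_token` endpoint and its `data.app_id`, `is_valid`, `user_id` and `expires_at` fields; the app id, secret and sample responses are constructed.

```python
import time
from urllib.parse import urlencode

GRAPH = "https://graph.facebook.com"
APP_ID = "1234567890"                  # constructed placeholder
APP_SECRET = "app-secret-placeholder"  # constructed placeholder; server side only


class TokenRejected(Exception):
    """Raised when a client-supplied token must not be trusted."""


def debug_token_url(user_token):
    """URL the back end requests to inspect a token sent by the iOS app."""
    query = urlencode({
        "input_token": user_token,
        "access_token": f"{APP_ID}|{APP_SECRET}",  # app access token
    })
    return f"{GRAPH}/debug_token?{query}"


def facebook_user_id(debug_response, now=None):
    """Return the Facebook user id only if the token belongs to our app."""
    now = time.time() if now is None else now
    data = debug_response.get("data") or {}
    if not data.get("is_valid"):
        raise TokenRejected("token is not valid")
    # A valid token issued to some other app must not log anyone in here.
    if str(data.get("app_id")) != APP_ID:
        raise TokenRejected("token was issued to a different app")
    expires_at = data.get("expires_at", 0)  # assumption: 0 means no expiry
    if expires_at and expires_at <= now:
        raise TokenRejected("token has expired")
    user_id = data.get("user_id")
    if not user_id:
        raise TokenRejected("no user id in response")
    return str(user_id)


# Constructed sample responses in the shape assumed above.
GOOD = {"data": {"app_id": APP_ID, "is_valid": True,
                 "user_id": "10001", "expires_at": 2000000000}}
OTHER_APP = {"data": {"app_id": "999", "is_valid": True,
                      "user_id": "10001", "expires_at": 2000000000}}
EXPIRED = {"data": {"app_id": APP_ID, "is_valid": True,
                    "user_id": "10001", "expires_at": 1600000000}}
```

In a DRF view, the JSON returned by requesting `debug_token_url(token)` would be passed to `facebook_user_id` before any account lookup or creation.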