Authentication and Authorization for Native Mobile Applications using OAuth 2.0
OAuth 2.0 has in recent years become the de facto standard for doing API authorization and authentication on mobile devices. However, recent critics have claimed that OAuth does not provide sufficient security or ease of use for developers on mobile devices. In this thesis, I study four approaches to mobile authorization using OAuth 2.0, and suggest an improved solution based on current industry best practices for security on Android. The end result is a solution which provides a native authorization flow for third-party developers to integrate with an existing API endpoint. However, the thesis shows that even with current industry best practices the proposed solution does not provide a completely secure approach, and developers must keep the security consequences of that fact in mind when implementing OAuth on mobile devices.
Place, publisher, year, edition, pages
Institutt for datateknikk og informasjonsvitenskap, 2013. 68 p.
Identifiers
URN: urn:nbn:no:ntnu:diva-22969
Local ID: ntnudaim:9676
OAI: oai:DiVA.org:ntnu-22969
DiVA: diva2:655603
Stålhane, Tor, Professor