OAuth/OpenID - which should I use?

I am developing an Android application which requires users to register and log on to a website and then use that registration information in an Android app. Should I be using OAuth or OpenID, or is there something better to make it not a requirement that I develop a single-use authentication system?

alshapton asked Nov 22 '10 19:11


People also ask

Which OAuth flow should I use?

For most cases, we recommend using the Authorization Code Flow with PKCE because the Access Token is not exposed on the client side, and this flow can return Refresh Tokens. To learn more about how this flow works and how to implement it, see Authorization Code Flow with Proof Key for Code Exchange (PKCE).

What is the difference between OAuth 2.0 and OpenID Connect?

OAuth 2.0 is designed only for authorization, for granting access to data and features from one application to another. OpenID Connect (OIDC) is a thin layer that sits on top of OAuth 2.0 that adds login and profile information about the person who is logged in.

Should I use OAuth or OAuth2?

OAuth 2.0 is much more usable, but much more difficult to build securely. It is also much more flexible: OAuth 1.0 only handled web workflows, whereas OAuth 2.0 considers non-web clients as well, and it has a better separation of duties between the parties involved.

Which is better SAML or OIDC?

If you want to quickly set up an identity platform, choose OIDC over SAML without thinking twice. Implementing a basic OIDC solution is much simpler than SAML, which requires heavy-weight XML processing. If you have an API-centred architecture with a lot of mobile and single-page applications, use OIDC.


1 Answer

OpenID

If you're just looking to authenticate a user in your Android app without exchanging data between your application and user data stored and managed by a third-party service provider (like Google, Flickr, Facebook, ...), then OpenID might be the better option for you.

There is a java based library that should work on the Android platform called openid4java.

OAuth

OAuth, although part of the workflow involves authenticating against an OAuth service provider, is more focussed on the authorization part, as it is to a large degree unaware of the underlying authentication mechanism.

If you want your application to act on the user's behalf (to fetch user data stored at a third party that supports OAuth), then OAuth is an interesting option. OAuth is not capable of acquiring the identity of the user; it merely acts as an authorization mechanism for an already identified user.

Signpost is a java based library that works on Android.

OpenID Connect

For early adopters, another interesting solution on the horizon is OpenID Connect, which combines the best of both worlds.

Take a look at the following posts for more background info.

  • What's the difference between OpenID and OAuth?
  • http://softwareas.com/oauth-openid-youre-barking-up-the-wrong-tree-if-you-think-theyre-the-same-thing
  • http://thenextweb.com/socialmedia/2010/11/04/facebook-connect-oauth-and-openid-the-differences-and-the-future/

And of course the specs:

  • http://openid.net/
  • http://oauth.net/
ddewaele answered Oct 17 '22 08:10
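The Authorization Code flow with PKCE recommended in the "Which OAuth flow should I use?" snippet above, and the OpenID Connect option the answer ends on, worked through end to end. This is an added example, not code from the original post and not from openid4java or Signpost. Both the native app and the OpenID Provider are simulated in one process so it runs offline; the issuer URL, client_id, redirect URI, signing key and user record are all made up. The id_token is signed with HS256 and a shared key purely so the example needs nothing beyond the standard library; a real provider signs with RS256/ES256 and the app verifies against the provider's published JWKS. The point it illustrates is the one the answer makes: the access_token is an opaque authorization, while the id_token (once its signature, iss, aud, exp and nonce are checked) is the authenticated identity that plain OAuth cannot give you.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Every value below is made up for the example.
ISSUER = "https://op.example"                     # hypothetical OpenID Provider (OP)
CLIENT_ID = "android-app"                         # hypothetical public client
REDIRECT_URI = "com.example.app:/oauth2redirect"  # custom-scheme redirect back into the app
SERVER_KEY = b"demo-hmac-key"  # constructed; a real OP signs with RS256/ES256 and publishes a JWKS


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def query_params(url):
    return {k: v[0] for k, v in parse_qs(url.split("?", 1)[1]).items()}

def sign_jwt(claims):
    # HS256 JWT using only the standard library (see the SERVER_KEY caveat above)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SERVER_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


# ---- client side: what the Android app does -------------------------------
def make_pkce():
    """RFC 7636: the verifier never leaves the device; only its SHA-256 goes in the URL."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode()).digest())

def build_auth_request(challenge, state, nonce):
    params = {
        "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",  # the 'openid' scope is what makes this OIDC rather than plain OAuth
        "state": state,             # CSRF protection for the redirect back into the app
        "nonce": nonce,             # echoed inside the id_token so a captured token can't be replayed
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{ISSUER}/authorize?{urlencode(params)}"

def validate_id_token(token, expected_nonce):
    """The checks an app must do before trusting the identity inside an id_token."""
    header, body, sig = token.split(".")
    expected = hmac.new(SERVER_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims["iss"] != ISSUER or claims["aud"] != CLIENT_ID:
        raise ValueError("token was not issued for this client by this issuer")
    if claims["exp"] < time.time():
        raise ValueError("id_token expired")
    if not hmac.compare_digest(claims["nonce"], expected_nonce):
        raise ValueError("nonce mismatch: replayed id_token")
    return claims


# ---- server side: a minimal in-memory OpenID Provider ---------------------
class DemoProvider:
    def __init__(self):
        self.codes = {}  # one-time authorization codes -> what they were issued for
        self.users = {"alice": {"sub": "user-1001", "name": "Alice Example"}}  # constructed

    def authorize(self, auth_url, logged_in_user):
        """Browser leg: the user has authenticated at the OP; hand a code back to the app."""
        q = query_params(auth_url)
        if q.get("code_challenge_method") != "S256" or "openid" not in q["scope"].split():
            raise ValueError("PKCE S256 and the openid scope are required")
        code = b64url(secrets.token_bytes(24))
        self.codes[code] = {"challenge": q["code_challenge"], "nonce": q["nonce"],
                            "redirect_uri": q["redirect_uri"], **self.users[logged_in_user]}
        return f"{q['redirect_uri']}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code, verifier, redirect_uri):
        # Back-channel leg: only the holder of the PKCE verifier can redeem the code.
        entry = self.codes.pop(code, None)  # codes are single use, even if the check below fails
        if entry is None or entry["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant")
        if not hmac.compare_digest(b64url(hashlib.sha256(verifier.encode()).digest()), entry["challenge"]):
            raise PermissionError("invalid_grant: PKCE verification failed")
        now = int(time.time())
        id_claims = {"iss": ISSUER, "sub": entry["sub"], "aud": CLIENT_ID, "iat": now,
                     "exp": now + 300, "nonce": entry["nonce"], "name": entry["name"]}
        return {"access_token": b64url(secrets.token_bytes(16)),  # opaque: authorization only
                "token_type": "Bearer",
                "id_token": sign_jwt(id_claims)}  # the identity assertion OIDC adds on top of OAuth


def login(provider, user):
    """The complete exchange from the app's side; returns the verified identity claims."""
    verifier, challenge = make_pkce()
    state, nonce = b64url(secrets.token_bytes(16)), b64url(secrets.token_bytes(16))
    cb = query_params(provider.authorize(build_auth_request(challenge, state, nonce), user))
    if not hmac.compare_digest(cb["state"], state):
        raise ValueError("state mismatch: response does not belong to our request")
    tokens = provider.token(cb["code"], verifier, REDIRECT_URI)
    return validate_id_token(tokens["id_token"], nonce)
```

Calling `login(DemoProvider(), "alice")` returns the verified claims (`sub`, `name`, `iss`, `aud`, `nonce`, ...) for the constructed user. Two failure modes worth trying by hand: redeeming the code with a wrong verifier is refused and also burns the code, so an attacker who intercepts the custom-scheme redirect on the device gains nothing, and presenting an id_token to `validate_id_token` with a nonce from a different login attempt is rejected even though its signature is valid.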