Mobile applications

OAuth 2.0 is designed to work well with mobile applications, both native and web applications.

Typically the application will initiate login by opening a web view where the user enters credentials. Dataporten then issues the access token and sends it back to the mobile app.

The app will use the token to look up information about who the user is, and maybe communicate with its backend through the Dataporten API Gatekeeper.

Authentication

There is more than one approach to how a native app opens the authorization web view for the user. We strongly recommend using the native browser for this.

System-wide browser and custom URL schemes

To initiate the OAuth 2.0 flow, open the OAuth authorization URL in the native browser app.

Register a custom URL Scheme for the native app, such as mydataportenapp.

In the Dataporten dashboard, register a redirect URI such as mydataportenapp://.

Then register a listener that is triggered when the app is opened with this scheme, and then deal with receiving the OAuth token.
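The steps above, sketched in JavaScript as an added example (not Dataporten's code and not taken from the demo app): it builds the URL handed to the system browser and validates the URL that later reopens the app through the custom scheme. The endpoint, the client id, the use of response_type=token with the token in the URL fragment, and the function names are assumptions for illustration; only the mydataportenapp:// redirect URI comes from this page.

```javascript
// Added example. Values marked "assumed" are placeholders, not Dataporten values.
const webcrypto = globalThis.crypto || require('crypto').webcrypto;

const AUTH_ENDPOINT = 'https://auth.example.org/oauth/authorization'; // assumed placeholder
const CLIENT_ID = 'client-id-from-dashboard';                          // assumed placeholder
const REDIRECT_URI = 'mydataportenapp://'; // redirect URI registered in the dashboard

// Step 1: build the authorization URL that is opened in the system browser.
// The random state value is kept by the app and compared on return.
function buildAuthorizationRequest() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  const query = new URLSearchParams({
    response_type: 'token', // assumed: token is returned directly in the redirect
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    state,
  });
  return { url: `${AUTH_ENDPOINT}?${query}`, state };
}

// Step 2: called by the custom-scheme listener with the URL that opened the app.
function handleRedirect(callbackUrl, expectedState) {
  if (typeof callbackUrl !== 'string' || !callbackUrl.startsWith(REDIRECT_URI)) {
    return { ok: false, reason: 'unexpected redirect URI' };
  }
  const hashAt = callbackUrl.indexOf('#');
  const params = new URLSearchParams(hashAt < 0 ? '' : callbackUrl.slice(hashAt + 1));
  // Only accept a response bound to the request this app instance started.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state mismatch' };
  }
  if (params.has('error')) {
    return { ok: false, reason: `authorization error: ${params.get('error')}` };
  }
  const accessToken = params.get('access_token');
  if (!accessToken) {
    return { ok: false, reason: 'no access token in response' };
  }
  return { ok: true, accessToken };
}
```

The state check matters with custom URL schemes because anything on the device can open the app with a crafted mydataportenapp:// URL; a response that does not carry the state the app generated is discarded.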

With an early prototype of the Dataporten platform we prepared a demo mobile app using Cordova / Phonegap:

In-app browser

Alternatively, the mobile OS typically offers a web component that might be used within the app.

We would not recommend this option, mostly because of the security flaw of the user not being able to verify the SSL connection to Feide, and having to trust that the app is not intercepting and stealing the password.

Protecting access to backend APIs

The Dataporten API Gatekeeper is very well suited to handle access control to the API backend of your client.