OAuth 2.0 With Web API and Xamarin

I'm new to web development, so bear with me.

  • I have developed a back-end server in C# (not a web application) that exposes some functionality through a REST API implemented in a Web API (OWIN and Katana).
  • I have developed a Xamarin android app that uses this API.

Now I want to enable API usage only for users authenticated with Google.

I know OAuth is the way to do it, and I've read a lot about it, but I'm still confused about the role here and who should be doing something.

What should my server do or implement? What should my client do or do?

+3


1 answer


An important feature of OAuth2 to be aware of is that there are two different types of authentication flows:

  • implicit authentication flow
  • explicit auth flow

I personally found the Instagram API documentation to explain this pretty well: https://instagram.com/developer/authentication/

Explicit authentication flow is a bit tricky because it requires additional coordination from your custom API. The implicit authentication flow is a little easier because your app is just looking for a piece of the URL that is returned from the OAuth provider. This URL snippet contains a token that you can use for subsequent calls to the API you want to talk to, Google in your case.

But in your case, it looks like you want to use Google as the identity provider for your custom API, right? In this case, I think you will need to use an explicit auth flow. Again, check out the Instagram docs. I find they explain OAuth2 especially well.

EDIT:

And remember the Xamarin.Auth component, which is designed to relax OAuth scripts. You can find it on the Xamarin Component Store or on GitHub.

+3
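
The two redirect shapes the answer above distinguishes, as an added example that is not part of the original answer: in the implicit flow the token arrives in the URL fragment, while in the explicit (authorization code) flow the redirect carries a one-time `code` in the query string that the back end must exchange with the provider. The type and method names, the redirect host, and the `state` and credential values are assumptions made up for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example; type and method names are hypothetical.
public enum FlowKind { Implicit, Explicit }

public static class OAuthRedirect
{
    // Parses "a=1&b=2" (with an optional leading '?' or '#') into a dictionary.
    static Dictionary<string, string> Pairs(string s)
    {
        var d = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var p in s.TrimStart('?', '#').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = p.Split(new[] { '=' }, 2);
            d[Uri.UnescapeDataString(kv[0])] =
                kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : "";
        }
        return d;
    }

    // Returns which flow the redirect belongs to and the credential it carries.
    public static KeyValuePair<FlowKind, string> Read(Uri redirect, string expectedState)
    {
        var query = Pairs(redirect.Query);        // explicit flow: ?code=...
        var fragment = Pairs(redirect.Fragment);  // implicit flow: #access_token=...
        var src = query.ContainsKey("code") || query.ContainsKey("error") ? query : fragment;
        string v;
        if (src.TryGetValue("error", out v))
            throw new InvalidOperationException("Provider returned error: " + v);
        // state ties the response to the authorization request this app started.
        if (!src.TryGetValue("state", out v) || !string.Equals(v, expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("state missing or mismatched");
        if (query.TryGetValue("code", out v))     // one-time code: hand to the back end for exchange
            return new KeyValuePair<FlowKind, string>(FlowKind.Explicit, v);
        if (fragment.TryGetValue("access_token", out v))  // token is already in the client's hands
            return new KeyValuePair<FlowKind, string>(FlowKind.Implicit, v);
        throw new InvalidOperationException("no code or access_token in redirect");
    }

    public static void Main()
    {
        // Constructed sample redirects; host, state and credential values are made up.
        var a = Read(new Uri("https://app.example/cb?code=SAMPLE_CODE&state=xyz123"), "xyz123");
        var b = Read(new Uri("https://app.example/cb#access_token=SAMPLE_TOKEN&state=xyz123"), "xyz123");
        Console.WriteLine(a.Key + " " + a.Value);
        Console.WriteLine(b.Key + " " + b.Value);
    }
}
```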

