1
votes

I am building my REST API to be used with my iOS app. I have a little problem...

How do I implement the "resource owner password credentials grant"? I cannot store the client credentials in the iOS app code (not secure), so I have no idea how to secure the API.

So basically, I would be using HTTP Basic Authentication over SSL, which would return a token. However, this means that anyone can make a simple POST request to my API endpoint from wherever and also obtain an API access token. Basically I'd have an open API.

What do you recommend?

1
Do not use the Resource Owner Credentials Grant for your specific application. See my answer to stackoverflow.com/questions/26502495/… - Kris Vandermotten

1 Answer

0
votes

You can actually use the keychain to store the data you need. It's totally secure, but for sure don't store the password in it; it will be a deal breaker for you :)

You can request an access_token from OAuth with the user's password, as you've suggested, and store the access token in the keychain. It proved to be secure for me.
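
The keychain storage the answer describes, as an added example that is not part of the original answer: the access token is saved as a generic-password item through the Security framework, restricted to the unlocked device, and the user's password is never written. The service and account strings and the function names are assumptions made for this sketch.

```swift
import Foundation
import Security

// Hypothetical identifiers for this example; they do not come from the post.
let tokenService = "com.example.myapp.api"
let tokenAccount = "oauth-access-token"

enum KeychainError: Error { case unexpectedStatus(OSStatus) }

// Attributes that identify the single token item in the keychain.
private func baseQuery() -> [String: Any] {
    return [kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: tokenService,
            kSecAttrAccount as String: tokenAccount]
}

func deleteAccessToken() throws {
    let status = SecItemDelete(baseQuery() as CFDictionary)
    // A missing item is not an error: there was simply nothing to delete.
    guard status == errSecSuccess || status == errSecItemNotFound else {
        throw KeychainError.unexpectedStatus(status)
    }
}

func saveAccessToken(_ token: String) throws {
    // Remove any previous token so SecItemAdd does not fail with errSecDuplicateItem.
    try deleteAccessToken()
    var attributes = baseQuery()
    attributes[kSecValueData as String] = Data(token.utf8)
    // Readable only while the device is unlocked; not restored onto another device.
    attributes[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(attributes as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
}

func loadAccessToken() throws -> String? {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }  // no token stored yet
    guard status == errSecSuccess, let data = item as? Data else {
        throw KeychainError.unexpectedStatus(status)
    }
    return String(data: data, encoding: .utf8)
}
```

Calling `deleteAccessToken()` on logout or when the API answers 401 keeps a stale or revoked token from lingering on the device.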