Authenticate between web platform and mobile device using OAuth


#1

Hi,

The problem I’m having is not authenticating on each platform and individual device, but securely authenticating the mobile device with our server. I want the user to sign in to our web platform via Twitter’s OAuth, and then add data. I then want the user to sign in via a mobile device application, and be able to pull the data associated with their account on our platform.

Is it possible to securely authenticate the user with our server by matching OAuth Tokens between the one stored on our server and the one stored on the mobile device? Are OAuth tokens different between different devices of the same user? If they are the same, then I can match them and assume that the user is authenticated and can access his/her data on our server. If I’m not mistaken, this would require Reverse Auth in order to gain access to the OAuth tokens.

In short, I don’t want to use in-house authentication, and instead want to rely on Twitter’s OAuth. What properties of Twitter should I use to authenticate the user on the mobile device with our web based platform?

Best,
Christian


#2

I would think that if you are using a database, you could store the user’s Twitter ID number, which is returned by the authentication routine. Then use that Twitter ID to connect the data. The access tokens I believe are regenerated each login or something so that may not work for you. The Twitter ID is only thing that doesn’t seem to change.


#3

I understand - thanks for your reply. With regards to hard-coding your application’s token and token secret, how do most people obfuscate this data to prevent reverse-engineering?


#4

please i want my account to be verified