Authentication system between a mobile app and a REST API

<p>Hello Gophers,</p> <p>I&#39;m currently developing a REST API that would receive user-related data from a mobile app to be inserted in a database. I was wondering what kind of (possibly simple) authentication system do you advise me to use in my REST API in this context.</p> <p>Initially, I thought of storing credentials in the mobile app and sending them to the API, that would return a randomly generated token that would expire periodically, it&#39;s quite simple but I don&#39;t think it&#39;s very safe.</p> <p>Thanks in advance for your advices!</p> <hr/>**评论：**<br/><br/>metamatic: <pre><p>Use OpenID Connect.</p> <p>It&#39;s a subset of OAuth2. Whereas the OAuth2 standard leaves you with a ton of options, OpenID Connect picks out a subset of those options that will actually be secure.</p></pre>