Hello Gophers,
I'm currently developing a REST API that would receive user-related data from a mobile app to be inserted in a database. I was wondering what kind of (possibly simple) authentication system you would advise me to use in my REST API in this context.
Initially, I thought of storing credentials in the mobile app and sending them to the API, which would return a randomly generated token that would expire periodically. It's quite simple, but I don't think it's very safe.
Thanks in advance for your advice!
Comments:
metamatic:
Use OpenID Connect.
It's a subset of OAuth2. Whereas the OAuth2 standard leaves you with a ton of options, OpenID Connect picks out a subset of those options that will actually be secure.
