I'm generating a REST database service for an Android application to connect to, and have little to no security experience. The service currently uses OAuth2 to secure a web front end with a Spring Boot application. I want to expose a REST service for an Android application to access the same data.

My question is this: users are authenticated via the Android app, but how can I also secure the REST endpoint for that user to access the endpoint in the same session?

I'm not looking so much for an implementation as I am a direction/technologies that are used so I can learn.

  • Will each user have their own username & password on your REST database service? – 700 Software Jan 26 '17 at 21:32
  • Not at the moment. There really isn't a reason for a user to log in to the db service. – StillLearningToCode Jan 27 '17 at 00:04
  • How will you authenticate the user then? Will you generate a login key automatically in the app (which could get wiped), or will the user be logging in with a Google or other account they already have? – 700 Software Jan 27 '17 at 13:29
  • Is it important that each user is identified separately, or do they all just Read-Only access the same data via the REST service through your app? – 700 Software Jan 27 '17 at 13:30
  • At the moment the users are logging in via Google+ and Facebook, and they have unique data on the service. So it would be important to separate them. – StillLearningToCode Jan 27 '17 at 21:53

0 Answers