I've been reading a lot about the OAuth 2 flow recently, and I wanted to ask if it is relevant to the app that I'm building, and what kind of security I should be using.
- We have native iOS/Android apps and an Angular SPA.
- We build/own/control our own backend APIs, and only our frontend apps can (should) communicate with these APIs.
- The user logs in on a form, we validate the credentials on the backend, and return a JWT, which is then used for subsequent requests. Access to most APIs is restricted to logged-in users; other APIs are open to the web to allow users to register.
I cannot see a use case for OAuth here; however, everything I'm reading seems to suggest that it's required. We will not be delegating access to third-party systems; we simply want to validate our own customers, and only allow them to access our APIs via our front-end apps after they've logged in.
Is the approach I've outlined, which we're currently doing, correct, or do I need to implement the OAuth Authorization Code flow, and if so can you please explain why?
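For reference, here is the login-then-JWT flow described in the question written out as a minimal issuer and verifier; this is an added example, not code from the poster's app, and the secret, audience string and lifetime are constructed assumptions. The verifier pins the algorithm, compares the signature in constant time and rejects expired or wrong-audience tokens, which are the checks the backend needs regardless of whether OAuth is layered on top.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed shared secret for the example; a real deployment loads it from a secret store.
SECRET = b"example-secret-not-for-production"
AUDIENCE = "example-api"  # assumed identifier for "our own backend APIs"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id: str, secret: bytes, ttl_seconds: int = 900,
                now: Optional[int] = None) -> str:
    """Backend side: credentials already validated, mint a short-lived HS256 JWT."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user_id, "iat": now, "exp": now + ttl_seconds, "aud": AUDIENCE}
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_token(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """API side: return the claims if the token is valid for this API, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: never let the token's own "alg" choose the verifier.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(claims_b64))
        # Reject tokens minted for another audience or already past their lifetime.
        if not isinstance(claims, dict) or claims.get("aud") != AUDIENCE:
            return None
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None
        return claims
    except ValueError:  # malformed structure, bad base64 or bad JSON
        return None
```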