Account registration on mobile application

I'm working on a hybrid mobile application for both Android / iOS, which mainly sends requests to a RESTful server using an access token for authentication / authorization.

However, I'm not sure how to implement the account creation part. Would it be OK to allow a POST request with an email address / password to register a user? Something like POST /signup (of course using HTTPS, email verification, etc.).

Or is there a better alternative?

This is essentially how classic signup works on most mobile apps. POST email/password to a signup URL and receive an access token in the response.

If you want to get fancy, you can incorporate a secret app token so the request can be signed, and the server can theoretically guarantee the request came from your own app and no-one else's. The problem though is a "secret" in the client is not really a secret, anyone has access to the compiled code and the requests being made. (Twitter, for example, has encountered this problem.)

There's also single sign-on via Twitter, Google, Facebook, etc., in which case you can just upload the access token after the user authenticates on the device. Some apps also request a phone number instead of email, and then verify by SMS (which is automatic if the app can read SMS), e.g. WhatsApp.
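A server-side sketch of the signup flow this answer describes, as an added example that is not part of the original answer: it checks the optional app signature, validates the input, stores a salted scrypt hash with an unverified flag, and returns an access token. The names `APP_KEY`, `sign`, `hash_password` and `signup`, the `users` dict standing in for a database, and the scrypt parameters are assumptions.

```python
import hashlib, hmac, json, re, secrets

# Constructed demo value. As the answer notes, a key embedded in the app can be
# extracted, so a valid signature is a weak signal and never replaces validation.
APP_KEY = b"demo-app-key-not-a-real-secret"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def sign(body: bytes, key: bytes = APP_KEY) -> str:
    """HMAC the client would send alongside the body (hypothetical header value)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def hash_password(password: str, salt: bytes) -> bytes:
    # Memory-hard KDF from the standard library; parameters are illustrative.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def signup(body: bytes, signature: str, users: dict) -> tuple[int, dict]:
    """Handle POST /signup. `users` stands in for the database."""
    # Constant-time comparison of the expected and presented signatures.
    if not hmac.compare_digest(sign(body).encode(), signature.encode()):
        return 401, {"error": "bad signature"}
    try:
        data = json.loads(body)
        email = data["email"].strip().lower()
        password = data["password"]
    except (ValueError, KeyError, AttributeError, TypeError):
        return 400, {"error": "malformed request"}
    if not isinstance(password, str) or len(password) < 8 or not EMAIL_RE.match(email):
        return 400, {"error": "invalid email or password"}
    if email in users:
        # This response reveals that the address is registered; rate-limit it.
        return 409, {"error": "account exists"}
    salt = secrets.token_bytes(16)
    access_token = secrets.token_urlsafe(32)
    verify_token = secrets.token_urlsafe(32)  # would be emailed to the user
    users[email] = {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        # Store only digests so a database leak does not expose live tokens.
        "access_token_sha256": hashlib.sha256(access_token.encode()).hexdigest(),
        "verify_token_sha256": hashlib.sha256(verify_token.encode()).hexdigest(),
        "verified": False,
    }
    return 201, {"access_token": access_token}
```

The account stays `verified: False` until the emailed token is presented, so the server can restrict what the returned access token may do before verification.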

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.