I am setting up a Django backend REST API which serves data to my Android application.
Currently the following happens:
1. The Android application authenticates with Google OAuth 2.0 and obtains an access token.
2. The Android application sends the access token along with the client secret and client id generated by django-oauth-toolkit to the convert-token endpoint, and in return receives an access token to access the protected API.
3. The server then serves private data to the Android app whenever it makes a request having the access token in the header.
Now if I store the client id of step 2) in the Android app, then what's to stop a person from decompiling the APK, getting the client secret, and making the convert-token request, bypassing my Android app, and using the returned access token to access/modify private data in my server REST API in an uncontrolled way?
My team and I are constantly using this framework and it seems it has died out there. I contacted the owner by email asking if he would add some of us as maintainers so we could continue to improve it. However, we didn't get a response.
I am publishing the project under my profile and we are going to continue to invest time in it.