asp.net-web-api2: OAuth 2.0 in ASP.NET Web API


Remarks

Registering in an Android Application

These are the steps I've taken to log in / register using an Android app:

  • Have a login activity which queries the ExternalLogins route, getting the available providers. This activity should have the NoHistory flag enabled and launch as a single instance.
  • On a user's button press, launch a Custom Chrome Tab with the provider's URL. The user should be logged in and redirected back to your published site at the given return URL. Don't use a WebView.
  • Have this page redirect the user again, using a custom URI scheme to launch a post-login activity within your application with the access token, expiry date and user account details added as additional data. This will need to be done in JavaScript on the web page, as the server's controllers can't access the URL parameters.
  • Store the user's details and token in a local MySQL database. On each login, check to see if the token is still in date.
  • Any calls to the API can now be authorized using the Authorization HTTP header, with your stored token added in the form “Bearer {token}”.
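
The last three steps, sketched as an added example (not code from the original page): the return page's JavaScript reads the token, hands it to the app through a custom URI scheme, and the app later checks expiry and builds the Authorization header. It assumes the provider redirect delivers the token in the URL fragment as access_token, token_type and expires_in; the myapp://oauth-callback scheme and all function names are hypothetical.

```javascript
// Parse the fragment left on the return page after the provider redirect,
// e.g. "#access_token=...&token_type=bearer&expires_in=1209600" (assumed layout).
function parseTokenFragment(hash, nowMs) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  const token = params.get('access_token');
  const type = (params.get('token_type') || '').toLowerCase();
  const expiresIn = Number(params.get('expires_in'));
  if (!token || type !== 'bearer') {
    throw new Error('no bearer token in fragment');
  }
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error('missing or invalid expires_in');
  }
  // Store an absolute expiry so later checks do not depend on when it was issued.
  return { token, expiresAt: nowMs + expiresIn * 1000 };
}

// Build the custom-scheme URI that launches the post-login activity.
// URLSearchParams percent-encodes every value, so a user name containing
// "&" or "=" cannot add or override parameters.
function buildAppRedirect(scheme, login, userName) {
  const query = new URLSearchParams({
    access_token: login.token,
    expires_at: new Date(login.expiresAt).toISOString(),
    user_name: userName,
  });
  return `${scheme}?${query.toString()}`;
}

// "On each login, check to see if the token is still in date."
// A small skew avoids sending a token that expires mid-request.
function isTokenInDate(login, nowMs, skewMs = 60000) {
  return login.expiresAt - skewMs > nowMs;
}

// Header value for authorized API calls.
function authorizationHeader(login) {
  return `Bearer ${login.token}`;
}

// On the return page itself (browser only), the calls would be:
//   const login = parseTokenFragment(location.hash, Date.now());
//   location.replace(buildAppRedirect('myapp://oauth-callback', login, userName));
```

Using location.replace rather than assigning location.href keeps the token-bearing URL out of the tab's back history.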