Closed CedricCook closed 9 years ago
Did you discuss this internally? It would be good if somebody is assigned to the issues; that person can lead the discussion and make sure the issue is not forgotten.
This is an important issue, since it will define how the mobile app and the server write their HTTP messages and how users will be identified by the server.
Does anybody have experience in this matter ?
OAuth2 would allow you to support a variety of accounts. You can also just stick to Google accounts for now, if they're easy to integrate (and I assume they are). I strongly discourage implementing your own authentication, as it's very easy to get it wrong.
I also don't think we should implement our own authentification, because of the lack of time and also security-wise, despite the fact that this is - to my point of view - one of the most interesting part of the project.
Leave your comments here to discuss what authentication method we will use: