Good morning.
I have a Web Service Rest implemented and I am working on the security of the same one at the moment.
This Web Service was implemented using Spring Boot. Initially I will have clients as an Android Application and a Web Application, but in the future I think of making this API public, so I have to think about this as well.
I researched a lot about Spring Security Oauth2, but I have basically two questions:
- All the examples I've seen so far have been using a Web App client, where the server redirects to the url's authentication. In an Android application, how is this authentication done? After all, I'm not working with Html on Android to be redirected.
- I need to login to Facebook, where the user can share from the App. Initially I thought about the possibility that the app's clients are responsible for performing this authentication and somehow send it to my server later, as I believe which would be more practical than Spring Social. Is this possible?
Thank you, and all the tips on the architecture of my use case are welcome.