dc.contributor.advisor | Stålhane, Tor | nb_NO |
dc.contributor.author | Aas, Dag-Inge | nb_NO |
dc.date.accessioned | 2014-12-19T13:39:57Z | |
dc.date.available | 2014-12-19T13:39:57Z | |
dc.date.created | 2013-10-12 | nb_NO |
dc.date.issued | 2013 | nb_NO |
dc.identifier | 655603 | nb_NO |
dc.identifier | ntnudaim:9676 | nb_NO |
dc.identifier.uri | http://hdl.handle.net/11250/253272 | |
dc.description.abstract | OAuth 2.0 has in the recent years become the de-facto standard of doing API authorization and authentication on mobile devices. However, recent critics have claimed that OAuth does not provide sufficient security or ease-of-use for developers on mobile devices. In this thesis, I study four approaches to mobile authorization using OAuth 2.0, and suggest an improved solution based on current industry best-practices for security on Android. The end result is a solution which provides a native authorization flow for third-party developers to integrate with an existing API endpoint. However, the thesis shows that even with current industry best-practices the proposed solution does not provide a completely secure approach, and developers must keep the security consequences of that fact in mind when implementing OAuth on mobile devices. | nb_NO |
dc.language | eng | nb_NO |
dc.publisher | Institutt for datateknikk og informasjonsvitenskap | nb_NO |
dc.title | Authentication and Authorization for Native Mobile Applications using OAuth 2.0 | nb_NO |
dc.type | Master thesis | nb_NO |
dc.source.pagenumber | 68 | nb_NO |
dc.contributor.department | Norges teknisk-naturvitenskapelige universitet, Fakultet for informasjonsteknologi, matematikk og elektroteknikk, Institutt for datateknikk og informasjonsvitenskap | nb_NO |