
Can OAuth Be Implemented With Two Factor Authentication Using A Mobile Device And QRCodes?

I've been looking into OAuth to see if it can be used in a project I'm working on. I'm starting to doubt if it's possible. It's based on two factor authentication with a mobile devi

Solution 1:

I don't think OAuth finds a place here: you have only one server and your mobile user is not known to it. OAuth is used when a client (e.g. a web app or an Android app) needs to talk to a server (e.g. Google Plus) on behalf of an end user who owns some resource there (e.g. the end user's Google Drive files), protecting their credentials. E.g. you cannot and don't need to know their password in GPlus; GPlus tells you they are authorized users there and allows you to do things on their behalf, see http://en.wikipedia.org/wiki/OAuth

Why does your user not insert username and password in the Android app, without the QR code? I don't think you are adding any security with this QR code that anybody can scan. Look at Google 2-Step: http://en.wikipedia.org/wiki/Two-step_verification; they send an SMS.

