You can use a second authentication factor though. For example, push
notifications (which ties back to Apple servers and the device’s serial number)
and SMS verification code (commonly found in two-factor authentication schemes)
> On Jun 23, 2015, at 02:05, Kyle Sluder wrote:
>
> On Mon, Jun 2
On Mon, Jun 22, 2015, at 12:32 PM, Alex Zavatone wrote:
> Basically, we're trying to make sure that we limit just what type of
> client can contact our web service and limit it to our iOS and Android
> apps.
Generally speaking, this isn't possible. All of the information
necessary to authenticate
Basically, we're trying to make sure that we limit just what type of client can
contact our web service and limit it to our iOS and Android apps.
Using full challenge response seems to be frowned on since if we implement it,
it's across all servers and this would break the current clients we hav
> On Jun 22, 2015, at 6:43 AM, Alex Zavatone wrote:
>
> We're all familiar with using a SSL cert to get a client to trust a server,
> but we're looking at is getting a server to trust that a trusted client is
> allowed to access it.
Yup, that’s SSL (or TLS) client certificate authentication.
Using client-side certificates in TLS is pretty standard stuff, and should
be well-supported by the system. You might start here:
https://developer.apple.com/library/ios/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html
The biggest issue with something like thi
We're all familiar with using a SSL cert to get a client to trust a server, but
we're looking at is getting a server to trust that a trusted client is allowed
to access it.
I was thinking of embedding an SSL cert within the iOS app and validating
against that, but I'm sort of lost on a way to s
