Goal: I am creating a mobile app that needs to hit an AWS server, and I want to make sure that only the app can hit the server.

Constraints: I never want the user to have to log in to the app. If my research is correct, I believe this eliminates the use of tokens (such as JWT). I think it eliminates the use of tokens because I would have no way of refreshing the token in the user's app.

Proposed solution: encrypt a key (a string) in the app (let's say the string "allow") using bcrypt in the mobile app. Use an HTTPS POST request to hit the server with the encrypted key "allow" embedded in the body. In the server logic, read the contents of the HTTPS POST body, decrypt the string, and allow further logic to be done on the server if the decrypted string = "allow".

Question: does the proposed solution make sense? If not, any guidance on what I should do?

I believe this is possible because I read here that the body of an HTTPS POST is encrypted. Therefore I think placing the bcrypt-encrypted key in the body should add a layer of security to the server.
Answer:

Is this an API? Instead of adding a key value to the POST body, add a header value. It is encrypted over HTTPS. If it is the mobile app using it, you can use the "user-agent" header.

Whatever header you choose, evaluate it on the server as you mentioned.

However, note that someone can figure out how this works. It will prevent most people trying to figure it out.

I'm not convinced about the bcrypt key. If you are using HTTPS it is encrypted anyway.
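As an added example (not code from the question or the answer), here is the server-side evaluation the answer describes: read the key from a request header and compare it with the server's configured value before running any further logic. The header name `X-App-Key`, the environment variable `APP_KEY`, the sample key value and the port are all assumptions for illustration. The comparison uses `hmac.compare_digest` so that response timing does not depend on how many leading bytes of a wrong key matched.

```python
import hmac
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample value for this example. In a real deployment the key
# comes from configuration or a secrets store, never from source control.
APP_KEY = os.environ.get("APP_KEY", "constructed-example-key-change-me")
HEADER_NAME = "X-App-Key"  # assumed custom header name; any name works


def has_valid_app_key(headers, expected=APP_KEY):
    """Return True only if the request carries the expected app key.

    `headers` is any mapping of header names to values. Names are matched
    case-insensitively, so this works with a plain dict in tests and with
    http.server's headers object at runtime.
    """
    presented = None
    for name, value in headers.items():
        if name.lower() == HEADER_NAME.lower():
            presented = value
            break
    if presented is None:
        return False
    # compare_digest takes time independent of where the strings first
    # differ, so a wrong key cannot be refined byte by byte from timing.
    return hmac.compare_digest(presented.encode(), expected.encode())


class AppKeyHandler(BaseHTTPRequestHandler):
    """Minimal handler: reject every POST that lacks the app key."""

    def do_POST(self):
        if not has_valid_app_key(self.headers):
            self.send_response(403)
            self.end_headers()
            self.wfile.write(b"forbidden\n")
            return
        # Read the body so the connection stays well-formed, then run the
        # "further logic" the question mentions (a placeholder echo here).
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok, received %d bytes\n" % len(body))

    def log_message(self, *args):
        # Kept quiet for the example. Production code should log the 403s:
        # a burst of rejected requests is a useful detection signal.
        pass


def run(port=8080):
    """Serve on localhost only; the assumed port is 8080."""
    HTTPServer(("127.0.0.1", port), AppKeyHandler).serve_forever()


if __name__ == "__main__":
    run()
```

Run the script and send a POST with and without the `X-App-Key` header to see the 200 and 403 responses. Because the same key ships with every install, it identifies the app rather than a user, which is what the no-login constraint asks for; rotating it means shipping a new app build, so keep it in configuration on the server side and avoid hard-coding it next to the handler.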