Projects for my talk "Android Authentication in the Web World"
Additional resources and slides
Contains an example Android app that performs the authentication types discussed in my talk.
Three different implementations of the same web services, one for each group of authentication types. None of them uses an actual user store; they all accept hard-coded credentials and are only useful for exercising the Android client. Do not consider the service code production-ready. It is only for demos.
A Dockerfile is included that hosts all the services in Tomcat. Build all the services with Gradle from the root, then execute the docker.sh script to create the container.
A Java implementation of HMAC using Spring. This is a simplified implementation for demonstration and is not secure: it lacks the use of nonces.
An ASP.NET 4 project containing an MVC REST API.
A Java implementation of the services using the Spring Security framework. The framework sits in front of the services. This configuration performs both HTTP Basic and HTTP Digest authentication.
A Java implementation of the services using the Spring Security framework. The framework sits in front of the services. This configuration performs a simplified and insecure version of OAuth2, as everything happens in the query string. Useful only for demoing the Android app and the OAuth process. Not for actual use.