Authorisation for a mobile app

I see your point.
A solid app should just be a view.

Due to paranoia, we’re used to thinking that if an app has full access, the “company” has access.
And indeed, they could record the login, …

The problem is, it can’t be enforced, as such.

If someone steals the password to, let’s say, a webshop, they only have access to the webshop.
But if they steal your webID credentials, they have the complete pod.

Sorry, thinking out loud.
This is turning out to be a point pro OCAP, I think.

4 Likes