I am new to web development and am currently developing a REST API which is to be consumed by an iOS app. So I developed the API and also implemented JWT tokens with OAuth2 security in it. Now I want to provide the API to be consumed by the mobile app. My backend server has an SSL certificate, so the consumed REST API will be something like
https://server:port/dataapiurl
So far I have read about SSL and JWT, and I already know they are for different purposes: SSL is used for an encrypted channel for client-server communication and JWT is used for authorization.
So there will be no point even if I implement JWT and the communication is not over SSL. So, to make sure the communication is done between client and server, what has to be done on the client (mobile app) side?
1. Does the mobile app need to install a new certificate or the SSL certificate of our backend server?
2. If it is our backend server's SSL certificate, then how do I install it in the mobile app?
Any help is appreciated.
You can, but don't have to, set your SSL cert on the client. You can just conform to the NSURLSessionDelegate protocol and implement this:
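    - (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
        if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            // Hosts whose server trust is accepted by this delegate.
            NSArray *netTrusts = @[@"your hostname here"];
            if (netTrusts != nil && [netTrusts containsObject:challenge.protectionSpace.host]) {
                // Accepts the presented server trust as-is; the certificate chain is not evaluated here.
                NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
                completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
                return;
            }
        }
        // Every other challenge gets the system's default handling; the handler must always be called.
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
    }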
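A variant of the delegate above that evaluates the server trust before accepting it and then pins the leaf certificate, added here as an example and not part of the original answer. It assumes iOS 15 or later, a server certificate that chains to a CA iOS already trusts, and two placeholders: the host `api.example.com` and a DER copy of the server certificate bundled in the app as `server.cer`.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical delegate class; "api.example.com" and "server.cer" are placeholders.
@interface PinnedSessionDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation PinnedSessionDelegate

- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Anything that is not a server-trust challenge for our API host gets default handling.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] ||
        ![space.host isEqualToString:@"api.example.com"]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    SecTrustRef trust = space.serverTrust;

    // Step 1: standard validation (chain, expiry, hostname) against the system trust store.
    CFErrorRef error = NULL;
    if (!SecTrustEvaluateWithError(trust, &error)) {
        if (error) CFRelease(error);
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }

    // Step 2 (optional pinning): the served leaf must equal the DER copy shipped in the bundle.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"];
    NSData *pinned = path ? [NSData dataWithContentsOfFile:path] : nil;
    NSArray *chain = CFBridgingRelease(SecTrustCopyCertificateChain(trust)); // iOS 15+
    SecCertificateRef leaf = (__bridge SecCertificateRef)chain.firstObject;
    NSData *served = leaf ? CFBridgingRelease(SecCertificateCopyData(leaf)) : nil;

    if (pinned && served && [pinned isEqualToData:served]) {
        completionHandler(NSURLSessionAuthChallengeUseCredential,
                          [NSURLCredential credentialForTrust:trust]);
    } else {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}

@end
```

Without step 2 this is equivalent to the system's default handling, so pinning is the only reason to ship the server certificate inside the app. Because the pin is the exact leaf certificate, the bundled copy has to be updated whenever the server certificate is renewed.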