Customer consent will inevitably be a consideration in any telco’s open network strategy. Mobile apps can make use of sensitive information (such as context, location and profile data) or charge for goods and services via mobile payments. Therefore, apps often require explicit opt-in and consent from the end-user.
In many cases, this opt-in mechanism is not tightly integrated with the application and app developers are obliged to redirect to a Web page to complete the process – making the user experience confusing and difficult. A full-featured OAuth implementation can support in-app authentication and consent, ensuring a consistent user experience.
Layer 7 offers an OAuth Toolkit, which is the ideal solution for adding authentication and authorization to an API, in a mobile and cloud-friendly way. The scope of the authorization can easily be configured based on the API in question (payment, location, context etc.) and additional security steps (like two-factor authentication via SMS) can also be added.