Hello,
As my application is almost finished, I need to add an authentication layer to it.
I would like to implement OAuth2 to do so, but as my users are internal to my company, I can’t use a third party like Facebook or Google to do the authentication; I need to set up my own OAuth2 server. With this kind of application, a “public” one, as all the source code is easily accessible, the only grant I can use with OAuth2 is the Implicit grant, designed for this purpose.
Has anyone had to implement a system like that (which appears to be pretty common)?
Is OAuth2 overkill for just one API, only related to my mobile app? If yes, what are the alternatives? (I exclude basic auth; I don’t want to send my users’ credentials with each request, even with HTTPS enabled.)
Thanks for your help.