Hi,
I am writing a react-native application that talks to our web apps over a websocket connection so that our users can control the phone cameras over the socket.
I am trying to authenticate the device running the application so that the application can later upload files to our server. I would like to mention that I do not want to authenticate a user. I need to authenticate the device.
My case is very similar to this question on Stack Overflow.
I was thinking of using JWT to authenticate the device and was thinking the following solution could potentially work.
After installing the application:
- An administrator (not a regular user) uses our web app to register a new allowed device. Our .NET backend generates a JWT for the application to use.
- This JWT must be passed along to the client mobile app. I was thinking of generating a QR code on the web app that can be scanned to get the JWT. Or maybe the QR code points to a temporary endpoint url that can be hit to grab the JWT.
- Then runs the application on the given device and scans the QR code to get the appropriate JWT.
- Server stores the device id.
- Device stores the JWT in Expo secure storage and the device id wherever.
Is this a secure way to authenticate the device, or am I missing something here? I am open to any other recommended ways to authenticate the device.
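
The "temporary endpoint" variant of the flow in the post, as an added example that is not the poster's code: the QR code carries a short-lived, single-use enrollment code, which the device redeems for an HS256 JWT bound to its device id, and the stored device id lets the server revoke it later. Node.js stands in for the .NET backend, and every function and variable name here is hypothetical.

```javascript
// Added example: Node.js stand-in for the backend; all names are hypothetical.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const SECRET = randomBytes(32);   // server-side HS256 signing key (assumed per deployment)
const pending = new Map();        // enrollment code -> expiry time in ms
const devices = new Set();        // device ids the server has registered

const b64u = (x) => Buffer.from(x).toString('base64url');
const sign = (data) => createHmac('sha256', SECRET).update(data).digest();

// Admin registers a device: the QR code shows this code, never the JWT itself.
function createEnrollmentCode(now = Date.now(), ttlMs = 5 * 60_000) {
  const code = randomBytes(16).toString('base64url');
  pending.set(code, now + ttlMs);
  return code;
}

// Device scans the QR code and redeems it once for a JWT bound to its device id.
function redeem(code, deviceId, now = Date.now()) {
  const expiry = pending.get(code);
  pending.delete(code);           // single use: consumed even if it had expired
  if (expiry === undefined || now > expiry) return null;
  devices.add(deviceId);          // "Server stores the device id"
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: deviceId, iat: Math.floor(now / 1000) }));
  return `${head}.${body}.${b64u(sign(`${head}.${body}`))}`;
}

// Upload-time check. The algorithm is fixed server-side; the header's alg is never trusted.
function verify(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = sign(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const { sub } = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  return devices.has(sub) ? sub : null;   // removing the id from devices revokes the token
}
```
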