The TIL app shows how to create a User but only if there’s currently a valid token. In a real application we’d need to allow clients to create a User via an API that doesn’t require authentication, right?
Yeah, if you want to open it up to the public (like most apps) then you’ll need a public API that isn’t protected by any credentials. There are other mitigations you might want to investigate, like IP address throttling, client secrets (so only your iOS app can create users) etc
1 Like