I am build an integration on Magento 2.0 for an ERP which will require to create an extension. Apart from using the Magento REST API, I will be creating few custom API to update some data. Magento provides multiple ways to authenticate a request, via newly available oAuth 1.0, token based and direct login. It says oAuth 1.0 is preferred while creating 3rd party apps.
To list a Magento extension on Magento connect, is it necessary to use oAuth 1.0 or is it okay to use token base, which is much simpler to implement? Are there any pros for using oAuth 1.0 in place of token based auth for 3rd party apps.
Using OAuth 1.0 will make it more frictionless for the user as then you can avoid asking user to generate and copy-paste the token.
There is quite good solution here that will allow you to create integration automatically from the configs. User would only need to launch the connection and will be redirected to your external app.
Only problem is that it leads to following issue I encountered myself: Issue 117979