function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Deepish AdwaniDeepish Adwani 

Authentication for REST webservice from mobile app

We are trying yo implement a custom forgot password functionality on a mobile app which will call a webservice on salesforce to reset the password of user.
The problem here is, which authentication/authorization flow should i suggest to mobile developer. Because user won't remember the password (and that is the reason he is going for forgot password functionality)

User name password flow - Cannot use as it requires user name to login.
Web server flow - It only requires user name / password login for the first time, but this is something which we want to avoid.
User agent flow - It also requires username / password login for first time (Please correct me if i am wrong here)

The other option i have is to expose the webservice to public (which i want to avoid) - security reasons

Is there any App based authentication flow, meaning, i say to salesforce that this is my app and it will try to hit the webservice?? And it should be allowed.