I will be developing a mobile app, and for this I have read a lot about API security and gotten a little confused. If my app makes a request to the API, is authentication enough, or do I also need authorization, since I only have one user role?
That would mean that JWT instead of OAuth is enough, right?
My understanding is that OAuth is for interactive users and JWT authentication is for IoT security, for a device authenticating itself to the system. Whether you need authorization or not would be a separate issue after authentication. You probably don't need it if it's just data transmission from a field device to a data center. But you might need it when the device is seeking access to information/resources from the system (and therefore the information flows the other way around).
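The two steps this thread distinguishes, authentication first and authorization as a separate check afterwards, as an added example that is not part of the original posts. It assumes an HS256 JWT with a shared key; the key, the scope names `telemetry:write` and `config:read`, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed sample key (assumption)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(claims):
    """Build an HS256 JWT (stands in for the login/enrolment endpoint)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(head + '.' + body))}"

def authenticate(token):
    """Authentication: is the token genuine and unexpired? Claims or None."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token choose it.
        if json.loads(unb64url(head)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(sign(head + "." + body), unb64url(sig)):
            return None
        claims = json.loads(unb64url(body))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: treat as unauthenticated

def authorize(claims, action):
    """Authorization: may this authenticated caller perform this action?"""
    return action in str(claims.get("scope", "")).split()

def handle(token, action):
    """Return the HTTP status an API would send for this request."""
    claims = authenticate(token)
    if claims is None:
        return 401  # caller's identity is not established
    if not authorize(claims, action):
        return 403  # identity is known, but the action is not granted
    return 200

if __name__ == "__main__":
    tok = issue_token({"sub": "device-1", "scope": "telemetry:write",
                       "exp": time.time() + 60})
    print(handle(tok, "telemetry:write"), handle(tok, "config:read"))
```

A valid token alone yields 200 only for the action its scope grants; the same token gets 403 for any other action, and a forged or expired one gets 401 before authorization is ever consulted.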