Token-based Authentication

With token-based authentication in SSO, the customized client application obtains the SSO token from the SSO system using whatever means you designate.

The SSO token is injected into the cookie jar of the SAP Mobile Platform client application and is automatically forwarded to SAP Mobile Platform on any request. Login processing on SAP Mobile Platform then proceeds as in network-edge authentication, with the added benefit that SAP Mobile Platform never has access to the user's password and therefore cannot leak it if compromised.

Token-based authentication is the most secure SAP Mobile Platform SSO scenario.

Note: The Check Impersonation option in the security profile settings in Management Cockpit ensures that SAP Mobile Platform knows who the user is after successful SSO-based login. In token-based authentication, the user identity (Principal) may be returned to the HTTP/HTTPS Authentication as an HTTP header.
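The flow described above, modeled as an added example that is not SAP Mobile Platform code: the platform forwards the token cookie to the SSO system, reads the principal from a response header, and compares it with the user name the client presented. The cookie name, header name, function names and sample token are assumptions made for illustration, as is the behavior modeled for the disabled check.

```python
# Model of token-based SSO login with an impersonation check.
# All names below are hypothetical placeholders, not SAP Mobile Platform settings.
SSO_COOKIE = "SSO_TOKEN"              # assumed cookie carrying the SSO token
PRINCIPAL_HEADER = "X-SSO-Principal"  # assumed header carrying the user identity

# Constructed stand-in for the SSO system's record of issued tokens.
_ISSUED_TOKENS = {"tok-7f3a-constructed": "alice"}


def sso_validate(cookies):
    """Stand-in for the SSO system's token validation endpoint.

    Returns (http_status, response_headers). The password never appears
    here or in the platform code: only the token is exchanged.
    """
    user = _ISSUED_TOKENS.get(cookies.get(SSO_COOKIE, ""))
    if user is None:
        return 401, {}
    return 200, {PRINCIPAL_HEADER: user}


def platform_login(claimed_user, cookies, check_impersonation=True,
                   validate=sso_validate):
    """Model of the platform-side login step. Returns (authenticated, principal)."""
    token = cookies.get(SSO_COOKIE)
    if not token:
        return False, None            # no token forwarded: nothing to validate
    status, headers = validate({SSO_COOKIE: token})
    if status != 200:
        return False, None            # SSO system rejected the token
    principal = headers.get(PRINCIPAL_HEADER)
    if check_impersonation:
        # Fail closed: without a principal the platform cannot know who the user is.
        if principal is None or principal != claimed_user:
            return False, None
        return True, principal
    # Check disabled (modeled assumption): a valid token is accepted for
    # whatever user name the client presented.
    return True, claimed_user
```

With the check enabled, a valid token issued to one user cannot be presented under another user's name; with it disabled, this model accepts the mismatch.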
Related reference
Check Impersonation Attribute