In my app I have implemented Login module auth security by implementing security realms. But i am thinking of implementing a OAUTH2.0 authentication where user will be authenticated once I will get a token and re-validate than on app starts.

So please one guide what are the prerequisites to implement this. Can I achieve this by creating a custom authentication module ? Any guide sample code will be really helpful.

There is an article that was published that shows how to use OAuth with inappbrowser and Worklgiht using LinkedIn found at the following location:

http://www.ibm.com/developerworks/library/mo-worklight-linkedin/

This article is a great sample to getting you started using Worklight and OAuth. Let me know if you have any further questions

Take a look at this SO answer: https://stackoverflow.com/a/18172484/440934

Hybrid apps do not have a public URL that an OAuth provider can redirect to, but there are some tricks you can do with the child browser plugin to 'hack' around them (see the first link). You can have your OAUTH provider redirect to a dummy URL that the child browser can intercept and parse the token from the URL (there are even some security concerns there). OAuth2 gets even trickier when configured not to place a token in the redirect URL and instead placing it in the body or in a header. Child browser does not expose these details which means some more custom native work to grab them if that is your only route.