Hi there.
Well, the complete redeploy will totally depend upon how you're actually using the SDK and if a newer version is fixing or adding something you were waiting for, or a big security breach, for instance. The SDK is like any other framework your app team is using. At some point, they get updated but it doesn't necessarily mean you got to update it right away and redeploy your apps.
You mentioned only OAuth. Is there any other particular use case you want to use? If you do not have another particular use case, I would strongly recommend using the SDK due to some beneficial abstraction, as Carina mentioned before, that will save you guys tons of development time by providing a single and unique way to call endpoints where the CA Mobile API Gateway is protecting. Besides the plain OAuth, the SDK will give you mutual SSL OOB, which is basically an almost effortless second-factor authentication where the gateway (server) will get to know the mobile device (client) and the client will get to know the server.
To use or not the SDK is a very fair question. I usually answer our customers by saying that the SDK is not doing anything that you could do yourself. Nothing is stopping your app team to build up your own SDK, from scratch, and provide the very same features. The question is, do you really want to invest time and money building and maintaining another SDK when the product itself provides you one, out of the box, with a bunch of features? Maybe you are going to find yourself asking this very same question in the future, when you find out that the framework, SDK or whatever you want to call the custom methods to use the CA Mobile API Gateway's API, you created has a bug and needs to be updated and the apps using it rebuilt.
In another analogy, you can build your own car, right? You can buy all the parts, pieces, engine, etc, etc and build yourself a nice car, right? However, do you really want to invest time and money building something that is already there? It's an operation question more than a technical one. That's my point here.
If you guys really decide not to use the SDK then I would suggest that you write down all the use cases where the CA Mobile API Gateway would be protecting the API calls. It all boils down to what you want to do with those APIs and how.
I hope that helps.
--
ac