[aerogear-dev] Auth Authz and OAuth
Summers Pittman
supittma at redhat.com
Mon Jan 6 10:21:42 EST 2014
So in JS land and iOS land we have or will soon have OAuth2 handling.
To handle OAuth2 a new API was created, AGAuthorizationModule. I
understand and agree with the separation of concerns between
Authentication and Authorization, but I am worried that this introduces
two APIs now.
Before Authz was added Authentication (login, logout, etc) and
Authorization(here are my keys and permissions) were both handled by
AGAuthenticationModules. With Authz now being a thing we should
probably remove and deprecate the authz parts of the old
AuthenticationModules.
see iOS
https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
see Android
https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/pipeline/RestRunner.java#L319
see Javascript: I couldn't actually find this in javascript...
wdyt?
More information about the aerogear-dev
mailing list