[aerogear-dev] Keycloak integration and UPS Sender

Karel Piwko kpiwko at redhat.com
Wed Jun 18 13:27:04 EDT 2014


----- Original Message -----
> From: "Bruno Oliveira" <bruno at abstractj.org>
> To: "AeroGear Developer Mailing List" <aerogear-dev at lists.jboss.org>
> Sent: Tuesday, June 17, 2014 7:17:36 PM
> Subject: Re: [aerogear-dev] Keycloak integration and UPS Sender
> 
> >
> >
> > IMO if possible, keeping these 'exceptions' (or excludes) under HTTP_BASIC
> > would be the simplest solution, as that means none of our client SDKs
> > (Android, iOS, Cordova, Node.js Sender, Java-Sendet etc) would require an
> > update.
> 
> I had a chat with Stian and looks like it's possible to support both
> auth methods in a single app, but that would involve changes on Keycloak.
> It's just the matter of discuss with KC team.
> 
> My two cents is the fact that we should use bearer tokens only, instead
> of mix both auth methods in a single app — now that we have KC.
> And discuss the changes into our clients rather sooner than later.
> 
> But I'm open for whatever you guys think it's the best.

I agree here, we should try to aim to have only one auth method - bearer tokens unless it has
performance or usability consequences. Mix is more error prone and more complicated to maintain longterm imho.

> 



More information about the aerogear-dev mailing list