[aerogear-dev] AeroGear Security and friends deprecation
Bruno Oliveira
bruno at abstractj.org
Tue Mar 25 10:36:20 EDT 2014
> > On March 25, 2014 at 5:51:46 AM, Matthias Wessendorf (matzew at apache.org)
> > >
> > > One thing that just came to mind is the implications for the clients.
> >
> > It shouldn't exist once we are server agnostic
> >
>
>
> you mean no implications on the client, right ?
Yes!
> > >
> > > Now, I am wondering, what does the deprecation of the java libraries
> > > mean for the client offerings? For instance, once we did port
> >
> > I can be dead wrong, but this deprecation doesn't mean to much to me. Why?
> > AG Security is just few classes to fill in the gaps from PicketLink in the
> > past.
> >
> > Our offerings should not be tied to the server side, at least for
> > authentication.
>
>
> yeah - I am not sure that is really the case - I can be wrong; But I think
> that the "AGRestAuthentication.m" is a bit tied to AG Security's PicketLink
> Module
If that is happening, we must fix this.
>
> > How could I authenticate with AeroGear and Node.js?
> >
>
> I don't know. I *think* IF the endpoints would actually follow this spec,
> it would work:
> http://aerogear.org/docs/specs/aerogear-rest-api/#aerogear-security
Think about people interacting with legacies, they can’t just say “hey, would you mind to change your endpoint?”. For this reason,
we should have the flexibility to specify endpoints + parameters (https://github.com/aerogear/aerogear-android-cookbook/blob/master/src/org/jboss/aerogear/cookbook/authentication/HowToUseAuthentication.java#L70).
It shouldn't matter if the endpoint is “login” or “enroll”. Or parameters are “login” or “username”.
>
>
> But my hope is that, in the future, we only have OAuth2 and the 'legacy'
> bits like BASIC/DIGEST. Great thing here: they are actually (well) defined
> protocols.
That’s pretty much what we do today, I guess.
> > > the endpoints (for instance on AeroDoc) to vanilla PicketLink,
> > > should this iOS class/module just function like before? Or does
> >
> > Yes, they just need to be adapted and have AG Security removed. Today, we
> > don't need anymore 2 jars only for login/logout. Just stick with Apache
> > Shiro, PicketLink
>
>
> So, yeah if the endpoints ported to plain PL/Shiro/etc they would have to
> follow this spec, right ?
> http://aerogear.org/docs/specs/aerogear-rest-api/#aerogear-security
For examples, yes. But, we shouldn’t me tied to this. What would happen with the client if I want to name my endpoints with: “/register”, “/signin” and “/signout” ?
See: https://github.com/aerogear/aerogear-js/blob/master/tests/unit/authentication/authentication-rest.js#L13
> yeah - I picked iOS only because I know that code a bit better than Android
> or JS ;-)
I know, that new update for iOS 7.1 called “drain my battery” is awesome.
More information about the aerogear-dev
mailing list