[aerogear-dev] OAuth2, OpenID connect and AeroGear

Bruno Oliveira bruno at abstractj.org
Thu Oct 9 08:55:22 EDT 2014


On 2014-10-09, Summers Pittman wrote:
> On 10/08/2014 10:49 PM, Bruno Oliveira wrote:
> > Good morning,
> >
> > Today we had a meeting to discuss some of the priorities for security on
> > AeroGear[1]. One of the items is OAuth2 support. Currently we have
> > several great examples and implementations for GDrive, flows for
> > Keycloak, etc.
> >
> > Although it is a bit confusing for developers getting started from scratch.
> > I would like to keep our libraries aligned, considering the limitations
> > of each technology of course, as well as consolidate each flow[2].
> >
> > Also the team agreed that OpenID connect (with Facebook and Google) should be considered a low
> > priority at the moment. That said I have some open questions:
> >
> > - Should we provide separate SDKs for OAuth2? Or let's put everything
> > into *-auth and break into modules later?
> *-auth should, IMHO, contain everything necessary to create an OAuth2
> connection to anything that isn't broken.  However, *-auth-facebook,
> *-auth-google, *-auth-herpDerpDeHur, etc may be useful to be full of
> convenience classes.

I'm cool with that if we agree on that, or maybe extract these classes
later.

>
> On Android it may even be useful to have a *-auth-accountmanager to make
> working with Android's native token service easier.

Is this something specific to Android, or would it be possible to have the
same concept (not implementation) on iOS/JS/Cordova?


Don't want to play the agilist here, but it would be nice to contextualize
people on the AG domain model. And I also understand that not everything must be
the same on all platforms.

> >
> > Note: Not only for Keycloak, but also compatible with other technologies
> > like passport on Node.js. In the end, OAuth2 is just a protocol and
> > should support other servers.
> >
> > - Should we provide examples for OpenID connect? Or abstractions?
> >
> > To track this issue, we have the following Jira[3] and another for
> > OpenID connect[4]. Feel free to link to your respective project.
> >
> >
> > [1] -
> > http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerogear.2014-10-08-14.00.html
> >
> > [2] - https://gist.github.com/abstractj/04136c6df85cea5f35d1
> >
> > [3] - https://issues.jboss.org/browse/AGSEC-180
> >
> > [4] - https://issues.jboss.org/browse/AGSEC-190
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> --
> Summers Pittman
> >>Phone:404 941 4698
> >>Java is my crack.

--

abstractj
PGP: 0x84DC9914