[aerogear-dev] Node.js / Passport.js thoughts (was: Re: OAuth2, OpenID connect and AeroGear)

Matthias Wessendorf matzew at apache.org
Thu Oct 30 15:11:12 EDT 2014


sounds good to me, if you wanna help ;)

On Thursday, October 30, 2014, Brian Leathem <bleathem at gmail.com> wrote:

>  As a learning exercise I just wrote a MEAN application with both web and
> mobile (cordova) front-ends.  The Node.js backend is using passport.js to
> both authenticate against Google's OAuth2 and to secure the REST API I
> implemented with Express.
>
> I should be able to spare some cycles if you could use some extra hands on
> this.
>
> Brian
>
> On 14-10-30 11:21 AM, Lucas Holmquist wrote:
>
>
>  On Oct 30, 2014, at 2:20 PM, Matthias Wessendorf <matzew at apache.org> wrote:
>
>
>
> On Thu, Oct 30, 2014 at 7:13 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
>
>>
>>  On Oct 30, 2014, at 9:41 AM, Matthias Wessendorf <matzew at apache.org> wrote:
>>
>> Hello team!
>>
>> On Thu, Oct 9, 2014 at 4:49 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
>> Note: Not only for Keycloak, but also compatible with other technologies
>> like passport on Node.js.
>>
>>  Great point on being compatible with passport.js! To ensure our OAuth2
>> client SDKs do work against node.js (w/ passport.js), how about we build a
>> Node.js based version of our "Shoot-n-Share backend" ([1]), that is
>> protected by Passport.js?
>>
>>
>>  So to clear up some confusion that might be happening with what
>> passport is, it is not an OAuth2 server thing.
>>
>>  It’s really just middleware (think of it as a servlet filter for you
>> java weenies) for express.js, and by using adapters (like FB or Google),
>> it can secure RESTful endpoints in that express.js app.
>>
>>  I think the thing that we can do here is make a Keycloak adapter for
>> passport, using the OAuth2 protocol (similar to passport's FB and Google
>> adapters).
>>
>
>  +1 would be nice to get this in https://issues.jboss.org/browse/AGJS-252
>
>  On short term, it would be possible to use their existing adapters for
> FB/Google and protect the node.js backend with these adapters, right ?
>
>
>  i think we can do that
>
>
>
>  Sounds like the AGJS-252 is the ultimate solution we want, but I think
> for a quick test/verification (or even example) of our Android/iOS OAuth2
> clients, using the FB/Google adapters from passport.js would be a good first
> start ?
>
>  -Matthias
>
>
>
>
>
>>
>>
>>
>>
>>  It could be a (simple) 'clone' of our java version. I think for Luke,
>> our Node.js pro, it would be a fairly simple task :)
>>
>>  On the client side, the Android/iOS versions of Shoot-n-Share would
>> simply offer a new upload target for Passport.js, instead of 'just' FB,
>> Google-Drive and Keycloak.
>>
>>  That way we will also learn how much Passport.js is actually different,
>> similar to what we learned on how Google/FB are different ;-)
>>
>>  Another interesting aspect of this is that, once we are ready to
>> release our OAuth2 SDKs, it would be awesome to actually ship a node.js
>> based demo as well, instead of just a Java-based backend demo. That would
>> clearly show, our client libs are working across different backend
>> technologies.
>>
>>  Any thoughts?
>>
>>  -Matthias
>>
>>
>>  [1]
>> https://github.com/aerogear/aerogear-backend-cookbook/tree/master/Shoot
>>
>>
>>
>>
>>> In the end, OAuth2 is just a protocol and
>>> should support other servers.
>>>
>>> - Should we provide examples for OpenID connect? Or abstractions?
>>>
>>> To track this issue, we have the following Jira[3] and another for
>>> OpenID connect[4]. Feel free to link to your respective project.
>>>
>>>
>>> [1] -
>>>
>>> http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerogear.2014-10-08-14.00.html
>>>
>>> [2] - https://gist.github.com/abstractj/04136c6df85cea5f35d1
>>>
>>> [3] - https://issues.jboss.org/browse/AGSEC-180
>>>
>>> [4] - https://issues.jboss.org/browse/AGSEC-190
>>> --
>>>
>>> abstractj
>>> PGP: 0x84DC9914
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>>  --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>

-- 
Sent from Gmail Mobile