[aerogear-dev] Cordova Ouath2 plugin using Google Play Services
Brian Leathem
bleathem at gmail.com
Wed Feb 25 15:41:46 EST 2015
s/David/Daniel/
:-P
Brian
On 2015-02-25 10:59 AM, Brian Leathem wrote:
> Great, thanks for the insight David, I'll go bark up that tree for a
> while.
>
> Brian
>
> On 2015-02-25 10:44 AM, Daniel Passos wrote:
>>
>> Hey Brian,
>>
>> You can. but not necessarily need do that.. You can create your own
>> workflow.
>>
>> Just implement your own:
>>
>> *
>>
>> OAuth2AuthroizationConfigurationProvider
>>
>> *
>>
>> AuthorizationConfiguration
>>
>> * AuthzModule.java
>>
>> And let the |AuthorizationManager| know[1] your new Authz
>>
>> |AuthorizationManager.registerConfigurationProvider(YourNewAuthorizationConfiguration, new YourNewOAuth2AuthroizationConfigurationProvider)
>> |
>>
>> [1]
>> https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthorizationManager.java#L37-L41
>>
>> -- Passos
>>
>>
>>
>>
>> On Wed, Feb 25, 2015 at 3:30 PM, Brian Leathem <bleathem at gmail.com
>> <mailto:bleathem at gmail.com>> wrote:
>>
>> ... and the devil is in the details.
>>
>> It seems as though all the current AuzthzModules use an http
>> based approach to requesting an Oauth2 token. I see this being
>> done in OAuth2WebFragmentFetchAutorization#doAuthorization
>> method, where an OAuthWebViewDialog is used to trigger the Oauth2
>> token request.
>>
>> To use Google Play services to trigger an Oauth2 token request,
>> we won't use an http approach, but rather we start an activity to
>> select an account and request an Oauth2 token. Once the token is
>> retrieved it can then be used with the standard http Oauth2 API.
>>
>> (One caveat: the google play services token response doesn't
>> provide a refresh token. I believe this to be a non-issue as the
>> token request process is trivial when using google play services
>> (no authentication step)).
>>
>> I see to ways to implement this feature:
>>
>> 1) Generalize the OAuth2WebFragmentFetchAutorization into an
>> interface, and have one implementation to handle http-based token
>> requests, and second implementation to handle intent-based token
>> requests.
>>
>> 2) Add a OAuth2AuthorizationConfiguration option to use intents
>> instead of http, and trigger a different workflow within the
>> OAuth2WebFragmentFetchAutorization#doAuthorization method if that
>> config is set.
>>
>> My preference is for 2) because it's a) simpler, and b) it is
>> really only during the #doAuthorization method that we have a
>> different approach.
>>
>> Thoughts? I'll start with implementing approach (2) unless I
>> hear otherwise.
>>
>> Brian
>>
>>
>> On 2015-02-24 07:25 PM, Matthias Wessendorf wrote:
>>>
>>>
>>> On Wednesday, February 25, 2015, Daniel Passos <daniel at passos.me
>>> <mailto:daniel at passos.me>> wrote:
>>>
>>> No, we are not using Google Play services API for now for
>>> OAuth2 in Android land.
>>>
>>> But feel free create a new AuthzModule[1] for it ;)
>>>
>>>
>>> +1
>>>
>>>
>>>
>>> [1] https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthzModule.java
>>>
>>> -- Passos
>>>
>>>
>>> On Tue, Feb 24, 2015 at 4:01 PM, Sebastien Blanc
>>> <scm.blanc at gmail.com> wrote:
>>>
>>> Cool stuff Brian !
>>> The AeroGear OAuth2 Cordova plugin relies on the Native
>>> AeroGear OAuth2 Libraries, so maybe Summers and/or
>>> Daniel could tell more about it.
>>> Sebi
>>>
>>>
>>> On Tue, Feb 24, 2015 at 7:46 PM, Brian Leathem
>>> <bleathem at gmail.com> wrote:
>>>
>>> Hey gear-heads,
>>>
>>> I recently wrote a Cordova plugin that retrieves a
>>> Oauth2 token on
>>> Android using Google Play Services. The advantage
>>> of this approach is
>>> it leverages the single-sign-on capabilities of
>>> android, and the app can
>>> retrieve the Oauth2 token without requiring
>>> Authentication from the
>>> user. I blogged about it here:
>>>
>>> http://www.bleathem.ca/blog/2015/02/cordova-oauth-google-services.html
>>>
>>> Using a promise-based API it's fairly trivial to
>>> fallback to a
>>> traditional Web authentication/authorisation for the
>>> Oauth2 token when
>>> the google-play-services approach isn't supported.
>>>
>>> I'm aware the aerogear team has a Oauth2 cordova
>>> plugin [1], but it's
>>> not clear to me if the google-play-services
>>> integration is supported.
>>> If the Aerogeam would find it useful, I'd be more
>>> than happy to provide
>>> a PR to the aerogear cordova plugin providing such
>>> integration.
>>>
>>> Thoughts?
>>> Brian
>>>
>>> [1]
>>> http://staging-aerogearsite.rhcloud.com/docs/specs/aerogear-cordova/OAuth2.html
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>>
>>>
>>> --
>>> Sent from Gmail Mobile
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150225/60521e7b/attachment.html
More information about the aerogear-dev
mailing list