<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><h2 id="oauth2-aerogear-workflow-high-level" style="font-weight: normal; color: rgb(17, 17, 17); line-height: 1em; font-size: 2em; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: silver; padding-bottom: 5px; font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; position: static; z-index: auto; ">OAuth2 AeroGear Workflow - High Level</h2><h3 id="using-google-apis" style="font-weight: normal; color: rgb(17, 17, 17); line-height: 24px; font-size: 1.5em; font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; ">Using Google api's</h3><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; "><em>Server Side</em></p><ol style="margin: 1em 0px; padding: 0px 0px 0px 2em; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; "><li>user needs to first create an "application/project" to get an api key</li><li>Then they would choose the services/api's then would like there application to access</li><li>other google server related items....</li></ol><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; "><em>Client Side</em></p><ol style="margin: 1em 0px; padding: 0px 0px 0px 2em; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; "><li>Create a new OAuth2 module thing</li><li>Get access token for the services would need to specify the services they would like to access</li><li>validate the token</li><li>make calls to the service</li></ol><h3 id="api" style="font-weight: normal; color: rgb(17, 17, 17); line-height: 24px; font-size: 1.5em; font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; ">API</h3><pre style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); border: 1px solid rgb(204, 204, 204); white-space: pre-wrap; word-wrap: break-word; padding: 5px 12px; line-height: 24px; "><code style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; border: 0px !important; padding: 0px; ">var thing = AerGear.OAuth2({
name: googleEndPoints, //Just a Name
clientID: "12345" //The client ID of the app from the API console
settings: {
permissions: "..",
...
}
}).somecoolmodulename.googleEndPoints;
</code></pre><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; "><em>Settings: Multiple settings based on paramters <a href="https://developers.google.com/accounts/docs/OAuth2UserAgent" style="color: rgb(11, 0, 128); text-decoration: none; ">here</a></em></p><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; "><em>Methods</em></p><h3 id="authenticate" style="font-weight: normal; color: rgb(17, 17, 17); line-height: 24px; font-size: 1.5em; font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; ">authenticate</h3><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; ">this will authenticate with the server to get the access token and then validate the token, once that is all good then the response is returned.</p><pre style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); border: 1px solid rgb(204, 204, 204); white-space: pre-wrap; word-wrap: break-word; padding: 5px 12px; line-height: 24px; "><code style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; border: 0px !important; padding: 0px; ">thing.authenticate({
success:{},
error:{},
settings: {
//probably some settings here, like URL overides and such
}
});
</code></pre><h3 id="callapi" style="font-weight: normal; color: rgb(17, 17, 17); line-height: 24px; font-size: 1.5em; font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; ">callApi</h3><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; ">not really a good name, but it would basically call the remote api/services. we could either do a query string option or a Head option</p><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; ">example:</p><pre style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); border: 1px solid rgb(204, 204, 204); white-space: pre-wrap; word-wrap: break-word; padding: 5px 12px; line-height: 24px; "><code style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; border: 0px !important; padding: 0px; ">curl '<a href="https://www.googleapis.com/oauth2/v1/userinfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg'">https://www.googleapis.com/oauth2/v1/userinfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg'</a>
</code></pre><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; ">or</p><pre style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); border: 1px solid rgb(204, 204, 204); white-space: pre-wrap; word-wrap: break-word; padding: 5px 12px; line-height: 24px; "><code style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; border: 0px !important; padding: 0px; ">curl -H "Authorization: Bearer {accessToken}" <a href="https://www.googleapis.com/oauth2/v1/userinfo">https://www.googleapis.com/oauth2/v1/userinfo</a>
</code></pre><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; ">code:</p><pre style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); border: 1px solid rgb(204, 204, 204); white-space: pre-wrap; word-wrap: break-word; padding: 5px 12px; line-height: 24px; "><code style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; border: 0px !important; padding: 0px; ">thing.callApi({
service: "userinfo", //don't really like this name either
success:{},
error:{},
settings: {
... //overridable baseURLs?
}
});
</code></pre><h3 id="revoke" style="font-weight: normal; color: rgb(17, 17, 17); line-height: 24px; font-size: 1.5em; font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; ">revoke</h3><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; ">again, maybe not the best name. calls the "revoke" service, to remove access to permissions</p><pre style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); border: 1px solid rgb(204, 204, 204); white-space: pre-wrap; word-wrap: break-word; padding: 5px 12px; line-height: 24px; "><code style="font-size: 0.88em; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; border: 0px !important; padding: 0px; ">thing.revoke({
success: {},
error: {},
settings: {}
});
</code></pre><p style="margin: 1em 0px; color: rgb(68, 68, 68); font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', 'Hiragino Sans GB', STXihei, 微软雅黑, serif; font-size: 16px; line-height: 24px; ">Behind the scenes on all these calls, the "access_token" is beining used and possibly refreshed for the user, so they don't have to worry about it. They just need to call authenticate first. Maybe we can have a refresh method if the user wants to refresh the tokens themselves. this would do the token "dance"</p></div><div><br></div><br><div><div>On Aug 26, 2013, at 1:35 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">+1 I think is a good start to us.<br><br>Kris Borchers wrote:<br><blockquote type="cite">I would like to see that but what you are saying makes sense. It sounds like where I was headed with the Basic and Digest adapters before I ran into browser security issues with headers. I think and authorization API that basically just wraps itself around secured endpoints works for me.<br></blockquote><br>-- <br>abstractj<br><br><br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev</blockquote></div><br></body></html>