<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 08/26/2013 01:11 PM, Lucas Holmquist
wrote:<br>
</div>
<blockquote
cite="mid:C4750063-1A0C-4AFB-BD66-72E387915952@redhat.com"
type="cite">
<pre wrap="">We are planning on adding an OAuth2 adapter to the JS library for 1.3.0. We are going to code against the google OAuth2 playground stuff, but trying to follow the spec as much as possible and try to be as generic as we can.
I'm not sure if this should be an "adapter" or something different. If it is an adapter of the Authentication plugin( not sure what we are calling the different pieces. pipeline, data manager, etc.), then we should expect to see authentication methods( enroll, login, logout ), but i think this "adapter" should be much more than that.
It should be used to connect to secured services( api ) that a user allows, such as GCM for chrome or the google+ platform, or some other enterprisey thing.
I'm wondering if this should be a standalone thing. I kind of like this idea so when we do social login, which will most likely have OAuth2, we can just access it.
Thoughts?
</pre>
</blockquote>
I feel like OAuth2 could be an Adapter/AuthenticationModule rather
easily.<br>
<br>
** login -> if tokens are provided in the config use them.<br>
if tokens are uptoDate, onSuccess<br>
else if tokens are expired, renew them<br>
if renew succeeds onSuccess<br>
else onFailure<br>
else if credentials provided try login<br>
if login fails (redirect to some click through)<br>
call onFailure with useful data included?<br>
if login succeeds<br>
update tokens,call onSuccess<br>
<big> </big><br>
** logout -> trash local tokens, <br>
unregister device (call /logout or w/e)<br>
onSuccess<br>
<br>
** enroll -> throw not implemented exception. Allow users to
override if necessary?<br>
<br>
One of the things added to Android in 1.1 was a isRetry method on
the Module. It is responsible for trying to renew any tokens you
had in the event of a failure. It is currently used in Digest
Authentication. So if we have our module on a Pipe and it fails
because the tokens expired, it can refresh the tokens before giving
up.<br>
<br>
Just my .02 (still beaning up)<br>
<br>
One of the things I worry about is us getting "close enough".
OAuth2 is a bit of a beast and everyone seems to have their own
libraries for how to handle it (on the Java/Android side anyway). A
way around that is to try to make it easy to slot in calls /
workflows for a third party but I have no idea how to begin
approaching that in a universal way.<br>
<br>
<br>
<blockquote
cite="mid:C4750063-1A0C-4AFB-BD66-72E387915952@redhat.com"
type="cite">
<pre wrap="">
_______________________________________________
aerogear-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>