<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Aug 27, 2013, at 8:09 AM, Kris Borchers <<a href="mailto:kris@redhat.com">kris@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=utf-8"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Aug 27, 2013, at 6:04 AM, Lucas Holmquist <<a href="mailto:lholmqui@redhat.com">lholmqui@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=utf-8"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Aug 27, 2013, at 3:39 AM, Sebastien Blanc <<a href="mailto:scm.blanc@gmail.com">scm.blanc@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Hi,<div>That sounds good !</div><div>Just one question, instead of using the callApi function couldn't we pass the oauth module (called 'thing' in your example) to the pipe directly, using the 'authenticator' setting. Behind the scene, the pipe manager will append the oauth token to the query or add the bearer header ?</div></div></blockquote><div><br></div><div>I'm not sure if that is what this is going to do. This is more of an Authorization thing and i don't think it totally fits the pipeline stuff. ( or it would make it a bit more complicated, and we want to keep it simple )</div></div></div></blockquote><div><br></div>Though I understand what you're saying here, I was kind of hoping for both options with this adapter. What do you think about:</div><div><br></div><div><ol class="MailOutline"><li>OAuth2 adapter is used for Auth as you described</li><li>Also can be set as the authenticator on a pipe. We could provide config options to either go through the auth process or just provide an error and let the dev handle it</li></ol></div></div></blockquote><div><br></div>we can try it and see how it feels<br><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><br></div><div>Something like that. Thoughts?</div><div><br></div><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><br></div><div><br></div><div> i should probably change the method to be "authorize" instead</div><br><blockquote type="cite"><div dir="ltr">
<div>Seb</div></div></blockquote><blockquote type="cite"><div dir="ltr"><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Aug 26, 2013 at 8:05 PM, Lucas Holmquist <span dir="ltr"><<a href="mailto:lholmqui@redhat.com" target="_blank">lholmqui@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><h2 style="font-weight:normal;color:rgb(17,17,17);line-height:1em;font-size:2em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:silver;padding-bottom:5px;font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif">
OAuth2 AeroGear Workflow - High Level</h2><h3 style="font-weight:normal;color:rgb(17,17,17);line-height:24px;font-size:1.5em;font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif">
Using Google api's</h3><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
<em>Server Side</em></p><ol style="margin:1em 0px;padding:0px 0px 0px 2em;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
<li>user needs to first create an "application/project" to get an api key</li><li>Then they would choose the services/api's then would like there application to access</li><li>other google server related items....</li>
</ol><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px"><em>Client Side</em></p>
<ol style="margin:1em 0px;padding:0px 0px 0px 2em;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
<li>Create a new OAuth2 module thing</li><li>Get access token for the services would need to specify the services they would like to access</li><li>validate the token</li><li>make calls to the service</li></ol><h3 style="font-weight:normal;color:rgb(17,17,17);line-height:24px;font-size:1.5em;font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif">
API</h3><pre style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;background-color:rgb(248,248,248);border:1px solid rgb(204,204,204);white-space:pre-wrap;word-wrap:break-word;padding:5px 12px;line-height:24px"><code style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;border:0px!important;padding:0px">var thing = AerGear.OAuth2({
name: googleEndPoints, //Just a Name
clientID: "12345" //The client ID of the app from the API console
settings: {
permissions: "..",
...
}
}).somecoolmodulename.googleEndPoints;
</code></pre><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
<em>Settings: Multiple settings based on paramters <a href="https://developers.google.com/accounts/docs/OAuth2UserAgent" style="color:rgb(11,0,128);text-decoration:none" target="_blank">here</a></em></p><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
<em>Methods</em></p><h3 style="font-weight:normal;color:rgb(17,17,17);line-height:24px;font-size:1.5em;font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif">
authenticate</h3><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
this will authenticate with the server to get the access token and then validate the token, once that is all good then the response is returned.</p><pre style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;background-color:rgb(248,248,248);border:1px solid rgb(204,204,204);white-space:pre-wrap;word-wrap:break-word;padding:5px 12px;line-height:24px"><code style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;border:0px!important;padding:0px">thing.authenticate({
success:{},
error:{},
settings: {
//probably some settings here, like URL overides and such
}
});
</code></pre><h3 style="font-weight:normal;color:rgb(17,17,17);line-height:24px;font-size:1.5em;font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif">
callApi</h3><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
not really a good name, but it would basically call the remote api/services. we could either do a query string option or a Head option</p><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
example:</p><pre style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;background-color:rgb(248,248,248);border:1px solid rgb(204,204,204);white-space:pre-wrap;word-wrap:break-word;padding:5px 12px;line-height:24px"><code style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;border:0px!important;padding:0px">curl '<a href="https://www.googleapis.com/oauth2/v1/userinfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg'" target="_blank">https://www.googleapis.com/oauth2/v1/userinfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg'</a>
</code></pre><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
or</p><pre style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;background-color:rgb(248,248,248);border:1px solid rgb(204,204,204);white-space:pre-wrap;word-wrap:break-word;padding:5px 12px;line-height:24px"><code style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;border:0px!important;padding:0px">curl -H "Authorization: Bearer {accessToken}" <a href="https://www.googleapis.com/oauth2/v1/userinfo" target="_blank">https://www.googleapis.com/oauth2/v1/userinfo</a>
</code></pre><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
code:</p><pre style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;background-color:rgb(248,248,248);border:1px solid rgb(204,204,204);white-space:pre-wrap;word-wrap:break-word;padding:5px 12px;line-height:24px"><code style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;border:0px!important;padding:0px">thing.callApi({
service: "userinfo", //don't really like this name either
success:{},
error:{},
settings: {
... //overridable baseURLs?
}
});
</code></pre><h3 style="font-weight:normal;color:rgb(17,17,17);line-height:24px;font-size:1.5em;font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif">
revoke</h3><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
again, maybe not the best name. calls the "revoke" service, to remove access to permissions</p><pre style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;background-color:rgb(248,248,248);border:1px solid rgb(204,204,204);white-space:pre-wrap;word-wrap:break-word;padding:5px 12px;line-height:24px"><code style="font-size:0.88em;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;border:0px!important;padding:0px">thing.revoke({
success: {},
error: {},
settings: {}
});
</code></pre><p style="margin:1em 0px;color:rgb(68,68,68);font-family:Georgia,Palatino,'Palatino Linotype',Times,'Times New Roman','Hiragino Sans GB',STXihei,微软雅黑,serif;font-size:16px;line-height:24px">
Behind the scenes on all these calls, the "access_token" is beining used and possibly refreshed for the user, so they don't have to worry about it. They just need to call authenticate first. Maybe we can have a refresh method if the user wants to refresh the tokens themselves. this would do the token "dance"</p>
</div><div><br></div><br><div><div><div class="h5"><div>On Aug 26, 2013, at 1:35 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>> wrote:</div><br></div></div><blockquote type="cite">
<div><div class="h5">+1 I think is a good start to us.<br><br>Kris Borchers wrote:<br><blockquote type="cite">I would like to see that but what you are saying makes sense. It sounds like where I was headed with the Basic and Digest adapters before I ran into browser security issues with headers. I think and authorization API that basically just wraps itself around secured endpoints works for me.<br>
</blockquote><br>-- <br>abstractj<br><br><br></div></div><div class="im">_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></blockquote></div><br></div><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div>
_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote></div><br></div>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote></div><br></div>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev</blockquote></div><br></body></html>