<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 25, 2014 at 3:36 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">> > On March 25, 2014 at 5:51:46 AM, Matthias Wessendorf (<a href="mailto:matzew@apache.org">matzew@apache.org</a>) <br>
> > > <br>
</div><div class="">> > > One thing that just came to mind is the implications for the clients. <br>
> > <br>
> > It shouldn't exist once we are server agnostic <br>
> > <br>
> <br>
> <br>
> you mean no implications on the client, right ? <br>
<br>
</div>Yes! <br>
<div class="im HOEnZb"><br>
> > > <br>
> > > Now, I am wondering, what does the deprecation of the java libraries <br>
> > > mean for the client offerings? For instance, once we did port <br>
> > <br>
> > I can be dead wrong, but this deprecation doesn't mean to much to me. Why? <br>
> > AG Security is just few classes to fill in the gaps from PicketLink in the <br>
> > past. <br>
> > <br>
> > Our offerings should not be tied to the server side, at least for <br>
> > authentication. <br>
> <br>
> <br>
> yeah - I am not sure that is really the case - I can be wrong; But I think <br>
> that the "AGRestAuthentication.m" is a bit tied to AG Security's PicketLink <br>
> Module <br>
<br>
</div><div class="im HOEnZb">If that is happening, we must fix this. <br>
<br>
> <br>
</div><div class="im HOEnZb">> > How could I authenticate with AeroGear and Node.js? <br>
> > <br>
> <br>
> I don't know. I *think* IF the endpoints would actually follow this spec, <br>
> it would work: <br>
> <a href="http://aerogear.org/docs/specs/aerogear-rest-api/#aerogear-security" target="_blank">http://aerogear.org/docs/specs/aerogear-rest-api/#aerogear-security</a> <br>
<br>
</div><div class="im HOEnZb">Think about people interacting with legacies, they can’t just say “hey, would you mind to change your endpoint?”. For this reason, <br>
we should have the flexibility to specify endpoints + parameters (<a href="https://github.com/aerogear/aerogear-android-cookbook/blob/master/src/org/jboss/aerogear/cookbook/authentication/HowToUseAuthentication.java#L70" target="_blank">https://github.com/aerogear/aerogear-android-cookbook/blob/master/src/org/jboss/aerogear/cookbook/authentication/HowToUseAuthentication.java#L70</a>). <br>
<br>
It shouldn't matter if the endpoint is “login” or “enroll”. Or parameters are “login” or “username”. <br></div></blockquote><div><br></div><div>right - it's already flexible :) </div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im HOEnZb">
<br>
> <br>
> <br>
</div><div class="im HOEnZb">> But my hope is that, in the future, we only have OAuth2 and the 'legacy' <br>
> bits like BASIC/DIGEST. Great thing here: they are actually (well) defined <br>
> protocols. <br>
<br>
</div><div class="im HOEnZb">That’s pretty much what we do today, I guess. <br>
<br>
</div><div class="im HOEnZb">> > > the endpoints (for instance on AeroDoc) to vanilla PicketLink, <br>
> > > should this iOS class/module just function like before? Or does <br>
> > <br>
> > Yes, they just need to be adapted and have AG Security removed. Today, we <br>
> > don't need anymore 2 jars only for login/logout. Just stick with Apache <br>
> > Shiro, PicketLink <br>
> <br>
> <br>
> So, yeah if the endpoints ported to plain PL/Shiro/etc they would have to <br>
> follow this spec, right ? <br>
> <a href="http://aerogear.org/docs/specs/aerogear-rest-api/#aerogear-security" target="_blank">http://aerogear.org/docs/specs/aerogear-rest-api/#aerogear-security</a> <br>
<br>
</div><div class="im HOEnZb">For examples, yes. But, we shouldn’t me tied to this. What would happen with the client if I want to name my endpoints with: “/register”, “/signin” and “/signout” ? <br>
<br>
See: <a href="https://github.com/aerogear/aerogear-js/blob/master/tests/unit/authentication/authentication-rest.js#L13" target="_blank">https://github.com/aerogear/aerogear-js/blob/master/tests/unit/authentication/authentication-rest.js#L13</a> <br>
</div></blockquote><div><br></div><div><br></div><div>yep - that is present as well.</div><div><br></div><div><br></div><div><br></div><div>-Matthias</div><div><br></div><div><br></div><div><br></div><div><br></div><div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im HOEnZb">
<br>
</div><div class="im HOEnZb">> yeah - I picked iOS only because I know that code a bit better than Android <br>
> or JS ;-) <br>
<br>
</div><div class="HOEnZb"><div class="h5">I know, that new update for iOS 7.1 called “drain my battery” is awesome.<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>