
sounds good to me, if you wanna help ;)<span></span><br><br>On Thursday, October 30, 2014, Brian Leathem &lt;<a href="mailto:bleathem@gmail.com">bleathem@gmail.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  
  <div>

    <div>As a learning exercise I just wrote a

      MEAN application with both web and mobile (cordova) front-ends. 

      The Node.js backend is using passport.js to both authenticate

      against Gooale&#39;s Oauth2 and to secure the REST API I implemented

      with Express.<br>

      <br>

      I should be able to spare some cycles if you could use some extra

      hands on this.<br>

      <br>

      Brian<br>

      <br>

      On 14-10-30 11:21 AM, Lucas Holmquist wrote:<br>

    </div>

    <blockquote type="cite">

      
      <br>

      <div>

        <blockquote type="cite">

          <div>On Oct 30, 2014, at 2:20 PM, Matthias Wessendorf

            &lt;<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;matzew@apache.org&#39;);" target="_blank">matzew@apache.org</a>&gt;

            wrote:</div>

          <br>

          <div>

            <div dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

              <div class="gmail_extra"><br>

                <br>

                <div class="gmail_quote">On Thu, Oct 30, 2014 at 7:13

                  PM, Lucas Holmquist<span> </span><span dir="ltr">&lt;<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;lholmqui@redhat.com&#39;);" target="_blank">lholmqui@redhat.com</a>&gt;</span><span> </span>wrote:<br>

                  <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

                    <div style="word-wrap:break-word"><br>

                      <div>

                        <blockquote type="cite"><span>

                            <div>On Oct 30, 2014, at 9:41 AM,

                              Matthias Wessendorf &lt;<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;matzew@apache.org&#39;);" target="_blank">matzew@apache.org</a>&gt;

                              wrote:</div>

                            <br>

                          </span><span>Hello team!<br>

                            <br>

                            On Thu, Oct 9, 2014 at 4:49 AM, Bruno

                            Oliveira <span dir="ltr">&lt;<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;bruno@abstractj.org&#39;);" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br>

                            Note: Not only for Keycloak, but also

                            compatible with other technologies<br>

                            like passport on Node.js. 

                            <div><br>

                            </div>

                            <div>Great point on being

                              compatible with passport.js! To ensure our

                              OAuth2 client SDKs do work against node.js

                              (w/ passport.js), how about we build a

                              Node.js based version of our

                              &quot;Shoot-n-Share backend&quot; ([1]), that is

                              protected by Passport.js?</div>

                          </span></blockquote>

                        <div><br>

                        </div>

                        <div>So to clear up some confusion that

                          might be happening with what passport is, it

                          is not an OAuth2 server thing.</div>

                        <div><br>

                        </div>

                        <div>it’s really just middleware(think

                          of it as a servlet filter for you java

                          weenies) for express.js,  and by using

                          adapters(like a FB or google), it can secure

                          RESTful endpoints in that express.js app.</div>

                        <div><br>

                        </div>

                        <div>I think the thing that we can do

                          here is make a keycloack adapter for passport,

                          using the OAuth2 protocol( similar to

                          passports FB and google adapters );</div>

                      </div>

                    </div>

                  </blockquote>

                </div>

              </div>

            </div>

          </div>

        </blockquote>

        <blockquote type="cite">

          <div>

            <div dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

              <div class="gmail_extra">

                <div class="gmail_quote">

                  <div><br>

                  </div>

                  <div>+1 would be nice to get this in<span> </span><a href="https://issues.jboss.org/browse/AGJS-252" target="_blank">https://issues.jboss.org/browse/AGJS-252</a><br>

                  </div>

                  <div><br>

                  </div>

                  <div>On short term, it would be possible to

                    use their existing adapters for FB/Google and

                    protect the node.js backend with these adapters,

                    right ?</div>

                </div>

              </div>

            </div>

          </div>

        </blockquote>

        <div><br>

        </div>

        <div>i think we can do that</div>

        <br>

        <blockquote type="cite">

          <div>

            <div dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

              <div class="gmail_extra">

                <div class="gmail_quote">

                  <div><br>

                  </div>

                  <div><br>

                  </div>

                  <div>Sounds like the AGJS-252 is the ultimate

                    solution we want, but I think for a quick

                    test/verification (or even example) of our

                    Android/iOS OAuth2 clients, using the FB/Google

                    adapters from passprt.js would be a good first start

                    ?</div>

                  <div><br>

                  </div>

                  <div>-Matthias</div>

                  <div><br>

                  </div>

                  <div><br>

                  </div>

                  <div><br>

                  </div>

                  <div> </div>

                  <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

                    <div style="word-wrap:break-word">

                      <div>

                        <div>

                          <div>

                            <div><br>

                            </div>

                            <div><br>

                            </div>

                            <br>

                            <blockquote type="cite">

                              <div>

                                <div dir="ltr">

                                  <div class="gmail_extra">

                                    <div class="gmail_quote">

                                      <div><br>

                                      </div>

                                      <div>It could be a

                                        (simple) a &#39;clone&#39; of our java

                                        version. I think for Luke, our

                                        Node.js pro, it would be a

                                        fairly simple task :)</div>

                                      <div><br>

                                      </div>

                                      <div>On the client side,

                                        the Android/iOS versions of

                                        Shoot-n-Share would simply offer

                                        a new upload target for

                                        Passport.js, instead of &#39;just&#39;

                                        FB, Google-Drive and Keycloak.</div>

                                      <div><br>

                                      </div>

                                      <div>That way we will

                                        also learn how much Passport.js

                                        is actually different, similar

                                        to what we learned on how

                                        Google/FB are different ;-)<br>

                                      </div>

                                      <div><br>

                                      </div>

                                      <div>Another interesting

                                        aspect of this is that, once we

                                        are ready to release our OAuth2

                                        SDKs, it would be awesome to

                                        actually ship a node.js based

                                        demo as well, instead of just a

                                        Java-based backend demo. That

                                        would clearly show, our client

                                        libs are working across

                                        different backend technologies.</div>

                                      <div><br>

                                      </div>

                                      <div>Any thoughts?</div>

                                      <div><br>

                                      </div>

                                      <div>-Matthias</div>

                                      <div><br>

                                      </div>

                                      <div><br>

                                      </div>

                                      <div>[1] <a href="https://github.com/aerogear/aerogear-backend-cookbook/tree/master/Shoot" target="_blank">https://github.com/aerogear/aerogear-backend-cookbook/tree/master/Shoot</a></div>

                                      <div><br>

                                      </div>

                                      <div><br>

                                      </div>

                                      <div> </div>

                                      <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">In the end,

                                        OAuth2 is just a protocol and<br>

                                        should support other servers.<br>

                                        <br>

                                        - Should we provide examples for

                                        OpenID connect? Or abstractions?<br>

                                        <br>

                                        To track this issue, we have the

                                        following Jira[3] and another

                                        for<br>

                                        OpenID connect[4]. Fell free to

                                        link to your respective project.<br>

                                        <br>

                                        <br>

                                        [1] -<br>

                                        <a href="http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerogear.2014-10-08-14.00.html" target="_blank">http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerogear.2014-10-08-14.00.html</a><br>

                                        <br>

                                        [2] -<span> </span><a href="https://gist.github.com/abstractj/04136c6df85cea5f35d1" target="_blank">https://gist.github.com/abstractj/04136c6df85cea5f35d1</a><br>

                                        <br>

                                        [3] -<span> </span><a href="https://issues.jboss.org/browse/AGSEC-180" target="_blank">https://issues.jboss.org/browse/AGSEC-180</a><br>

                                        <br>

                                        [4] -<span> </span><a href="https://issues.jboss.org/browse/AGSEC-190" target="_blank">https://issues.jboss.org/browse/AGSEC-190</a><br>

                                        --<br>

                                        <br>

                                        abstractj<br>

                                        PGP: 0x84DC9914<br>

_______________________________________________<br>

                                        aerogear-dev mailing list<br>

                                        <a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;aerogear-dev@lists.jboss.org&#39;);" target="_blank">aerogear-dev@lists.jboss.org</a><br>

                                        <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

                                      </blockquote>

                                    </div>

                                    <br>

                                    <br clear="all">

                                    <div><br>

                                    </div>

                                    --<span> </span><br>

                                    <div>Matthias Wessendorf<span> </span><br>

                                      <br>

                                      blog:<span> </span><a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

                                      sessions:<span> </span><a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>

                                      twitter:<span> </span><a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>

                                  </div>

                                </div>

_______________________________________________<br>

                                aerogear-dev mailing list<br>

                                <a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;aerogear-dev@lists.jboss.org&#39;);" target="_blank">aerogear-dev@lists.jboss.org</a><br>

                                <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div>

                            </blockquote>

                          </div>

                        </div>

                      </div>

                      <br>

                    </div>

                    <br>

                    _______________________________________________<br>

                    aerogear-dev mailing list<br>

                    <a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;aerogear-dev@lists.jboss.org&#39;);" target="_blank">aerogear-dev@lists.jboss.org</a><br>

                    <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

                  </blockquote>

                </div>

                <br>

                <br clear="all">

                <div><br>

                </div>

                --<span> </span><br>

                <div>Matthias Wessendorf<span> </span><br>

                  <br>

                  blog:<span> </span><a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

                  sessions:<span> </span><a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>

                  twitter:<span> </span><a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>

              </div>

            </div>

            <span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">_______________________________________________</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

            <span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">aerogear-dev

              mailing list</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

            <a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;aerogear-dev@lists.jboss.org&#39;);" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">aerogear-dev@lists.jboss.org</a><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

            <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div>

        </blockquote>

      </div>

      <br>

      <br>

      <fieldset></fieldset>

      <br>

      <pre>_______________________________________________

aerogear-dev mailing list

<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;aerogear-dev@lists.jboss.org&#39;);" target="_blank">aerogear-dev@lists.jboss.org</a>

<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>

    </blockquote>

    <br>

  </div>


</blockquote><br><br>-- <br>Sent from Gmail Mobile<br>