<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 10, 2015 at 1:02 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
On 2015-03-10, Matthias Wessendorf wrote:<br>
> On Mon, Mar 9, 2015 at 5:56 PM, Summers Pittman <<a href="mailto:supittma@redhat.com">supittma@redhat.com</a>> wrote:<br>
><br>
> > On 03/09/2015 12:50 PM, Matthias Wessendorf wrote:<br>
> ><br>
> ><br>
> ><br>
> > On Mon, Mar 9, 2015 at 5:34 PM, Summers Pittman <<a href="mailto:supittma@redhat.com">supittma@redhat.com</a>><br>
> > wrote:<br>
> ><br>
> >> On 03/09/2015 12:15 PM, Erik Jan de Wit wrote:<br>
> >> >> Because Facebook and Google are well known for not making arbitrary<br>
> >> changes to public apis and configurations.<br>
> >> >><br>
> >> >> More importantly as an Open Source project hitching our code to the<br>
> >> configuration of a third party proprietary system is terrifyingly bad<br>
> >> karma. Push is an exception ONLY because there isn't an equivalent open<br>
> >> solution which has the same reach to devices.<br>
> >> > It’s just some configuration, what point does oauth2 have when it<br>
> >> doesn’t work with Facebook and Google.<br>
> >> /me looks at the shoot and share demo, and the gdrive demo.<br>
> >> Looks like it does work with FB and Google. Did you have a specific<br>
> >> example in mind?<br>
> >> > The whole point of our libs is to make it easy for developers to do<br>
> >> these complex things adding this config makes it super easy. I don’t see:<br>
> >> ”Terrifyingly bad karma” a good reason not to do this.<br>
> >> Because it is hitching our open source project to the largess of<br>
> >> proprietary service vendors. If they change THEIR configuration and OUR<br>
> >> libraries break WE look like the bad guys not them for starters.<br>
> >><br>
> ><br>
> > That happened with push (Google's documentation, not the APIs) in the<br>
> > past, and may happen again. We reacted pretty quick on that one, which is<br>
> > what matters. If we would not react, we would look bad.<br>
> ><br>
> > Perhaps we can add a statement that the code executes against a 3rd<br>
> > party service, that we don't own. That can even happen with different<br>
> > Keycloak versions. However, usually actual API changes from the big players<br>
> > are usually announced, and it usually comes with a little bit of time to<br>
> > react.<br>
> ><br>
> ><br>
> >><br>
> >> Additionally the only direction this can go is toward scope creep. Once<br>
> >> we have Facebook and Google nothing is stopping (rhetorically) from<br>
> >> adding Facebook, Yahoo, VK, Microsoft, etc. Now we are maintaining 5x<br>
> >> as many configurations as we were before.<br>
> ><br>
> ><br>
> > I'd not add more, out of the blue. But if there is demand (from<br>
> > whichever direction), it's time to react on that demand, but not before<br>
> ><br>
> ><br>
> >> Who is going to monitor those<br>
> >> APIs and make sure they don't break/get deprecated? Do we cut a release<br>
> >> because one auth provider changed their config?<br>
> >><br>
> >> Of course we don't because that is the responsibility of the app<br>
> >> developer to make sure their configuration for the services they consume<br>
> >> is up to date. It is not and should not be our responsibility.<br>
> >><br>
> >> I freely admit it is nice and it is convenient but it does not belong in<br>
> >> the project.<br>
> >><br>
> ><br>
> > Instead, we don't offer any concrete impls for Google or Facebook?<br>
> ><br>
> > Correct<br>
> ><br>
> > Or use a complicated and generic API, which may work, or not?<br>
> ><br>
> > The API works as long as the service correctly implements and documents<br>
> > their OAuth2 parameters.<br>
> ><br>
> > I don't see how providing the OAuth2 parameters required by the<br>
> > specification we implement makes this a complex API. It is 2 fields<br>
> > (client id and client secret) per client and 5 fields (the various<br>
> > endpoints and base urls) per service.<br>
> ><br>
><br>
><br>
> Should we provide guides or tutorials, how to use the generic API against a<br>
> very few (e.g. FB and Google) services ?<br>
<br>
</div></div>I'm already doing it, please see AGSEC-200<br></blockquote><div><br></div><div>That's nice. But I was more asking if we would/should just offer these guides for 3rd parties like FB/Google instead of having actual code, meaning some convenience implementations for FB/Google like we do on iOS/Windows. </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
> >> > _______________________________________________<br>
> >> > aerogear-dev mailing list<br>
> >> > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> >> > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> >><br>
> >><br>
> >> --<br>
> >> Summers Pittman<br>
> >> >>Phone:404 941 4698<br>
> >> >>Java is my crack.<br>
> > --<br>
> > Matthias Wessendorf<br>
> ><br>
> > blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> > sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> > twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
--<br>
<br>
</span>abstractj<br>
PGP: 0x84DC9914<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>
</div></div>