[security-dev] IDM Use Case : Registering OAuth2 Applications
Anil Saldhana
Anil.Saldhana at redhat.com
Wed Nov 14 16:46:49 EST 2012
It has a different meaning I think. Not sure. See below.
This is how it is in layman terms:
Twitter is the OAuth2 provider. Tweetdeck, hootsuite,twitter mobile app
etc are registered applications at Twitter developer site.
They get a consumer key and a secret from twitter to identify them.
On thinking further, I am wondering maybe we can model this as a
TwitterRegisteredApplicationsRealm under which we register application(s).
On 11/14/2012 03:29 PM, Shane Bryzak wrote:
> Is Application in this instance synonymous with the Application that
> we've been discussing the last couple of days? Or does it have a
> different meaning?
>
> On 11/15/2012 06:56 AM, Anil Saldhana wrote:
>> Shane/Pedro,
>> what do you think about this issue? There is no real user involved.
>> It is the registration of an OAuth2 mobile/desktop
>> application at the provider.
>>
>> Regards,
>> Anil
>>
>> On 11/08/2012 08:41 AM, Anil Saldhana wrote:
>>> This use case is primarily for OAuth2 style interactions. There is a
>>> need to register a OAuth2 application at the OAuth2 provider (such as
>>> Facebook, Twitter etc).
>>>
>>> The registration of the application is very similar to a User.
>>> https://github.com/picketlink/picketlink/blob/master/oauth/src/main/java/org/picketlink/oauth/registration/RegistrationEndpoint.java
>>>
>>> The method register() has me using IDM User API to register a Client
>>> Application with clientname and using attributes for redirect_url and
>>> description and stuff.
>>>
>>> How do we modify the IDM API for Application registration?
>>
More information about the security-dev
mailing list