Great, thanks for the insight David, I'll go bark up that tree
for a
while.
Brian
On 2015-02-25 10:44 AM, Daniel Passos wrote:
>
> Hey Brian,
>
> You can. but not necessarily need do that.. You can create your own
> workflow.
>
> Just implement your own:
>
> *
>
> OAuth2AuthroizationConfigurationProvider
>
> *
>
> AuthorizationConfiguration
>
> * AuthzModule.java
>
> And let the |AuthorizationManager| know[1] your new Authz
>
>
|AuthorizationManager.registerConfigurationProvider(YourNewAuthorizationConfiguration, new
YourNewOAuth2AuthroizationConfigurationProvider)
> |
>
> [1]
>
https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-a...
>
> -- Passos
>
>
>
>
> On Wed, Feb 25, 2015 at 3:30 PM, Brian Leathem <bleathem(a)gmail.com
> <mailto:bleathem@gmail.com>> wrote:
>
> ... and the devil is in the details.
>
> It seems as though all the current AuzthzModules use an http
> based approach to requesting an Oauth2 token. I see this being
> done in OAuth2WebFragmentFetchAutorization#doAuthorization
> method, where an OAuthWebViewDialog is used to trigger the Oauth2
> token request.
>
> To use Google Play services to trigger an Oauth2 token request,
> we won't use an http approach, but rather we start an activity to
> select an account and request an Oauth2 token. Once the token is
> retrieved it can then be used with the standard http Oauth2 API.
>
> (One caveat: the google play services token response doesn't
> provide a refresh token. I believe this to be a non-issue as the
> token request process is trivial when using google play services
> (no authentication step)).
>
> I see to ways to implement this feature:
>
> 1) Generalize the OAuth2WebFragmentFetchAutorization into an
> interface, and have one implementation to handle http-based token
> requests, and second implementation to handle intent-based token
> requests.
>
> 2) Add a OAuth2AuthorizationConfiguration option to use intents
> instead of http, and trigger a different workflow within the
> OAuth2WebFragmentFetchAutorization#doAuthorization method if that
> config is set.
>
> My preference is for 2) because it's a) simpler, and b) it is
> really only during the #doAuthorization method that we have a
> different approach.
>
> Thoughts? I'll start with implementing approach (2) unless I
> hear otherwise.
>
> Brian
>
>
> On 2015-02-24 07:25 PM, Matthias Wessendorf wrote:
>>
>>
>> On Wednesday, February 25, 2015, Daniel Passos <daniel(a)passos.me
>> <mailto:daniel@passos.me>> wrote:
>>
>> No, we are not using Google Play services API for now for
>> OAuth2 in Android land.
>>
>> But feel free create a new AuthzModule[1] for it ;)
>>
>>
>> +1
>>
>>
>>
>> [1]
https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-a...
>>
>> -- Passos
>>
>>
>> On Tue, Feb 24, 2015 at 4:01 PM, Sebastien Blanc
>> <scm.blanc(a)gmail.com> wrote:
>>
>> Cool stuff Brian !
>> The AeroGear OAuth2 Cordova plugin relies on the Native
>> AeroGear OAuth2 Libraries, so maybe Summers and/or
>> Daniel could tell more about it.
>> Sebi
>>
>>
>> On Tue, Feb 24, 2015 at 7:46 PM, Brian Leathem
>> <bleathem(a)gmail.com> wrote:
>>
>> Hey gear-heads,
>>
>> I recently wrote a Cordova plugin that retrieves a
>> Oauth2 token on
>> Android using Google Play Services. The advantage
>> of this approach is
>> it leverages the single-sign-on capabilities of
>> android, and the app can
>> retrieve the Oauth2 token without requiring
>> Authentication from the
>> user. I blogged about it here:
>>
>>
http://www.bleathem.ca/blog/2015/02/cordova-oauth-google-services.html
>>
>> Using a promise-based API it's fairly trivial to
>> fallback to a
>> traditional Web authentication/authorisation for the
>> Oauth2 token when
>> the google-play-services approach isn't supported.
>>
>> I'm aware the aerogear team has a Oauth2 cordova
>> plugin [1], but it's
>> not clear to me if the google-play-services
>> integration is supported.
>> If the Aerogeam would find it useful, I'd be more
>> than happy to provide
>> a PR to the aerogear cordova plugin providing such
>> integration.
>>
>> Thoughts?
>> Brian
>>
>> [1]
>>
http://staging-aerogearsite.rhcloud.com/docs/specs/aerogear-cordova/OAuth...
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>>
>>
>> --
>> Sent from Gmail Mobile
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org <mailto:aerogear-dev@lists.jboss.org>
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org <mailto:aerogear-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev