On 02/25/2015 01:59 PM, Brian Leathem wrote:
Great, thanks for the insight David, I'll go bark up that tree for a while.
https://issues.jboss.org/browse/AGDROID-319?jql=project%20%3D%20AGDROID%20AND%20fixVersion%20%3D%202.2.0%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20due%20ASC%2C%20priority%20DESC%2C%20created%20ASC

This will probably be necessary to implement to get what you want done. 

Brian

On 2015-02-25 10:44 AM, Daniel Passos wrote:

Hey Brian,

You can. but not necessarily need do that.. You can create your own workflow.

Just implement your own:

  • OAuth2AuthroizationConfigurationProvider

  • AuthorizationConfiguration

  • AuthzModule.java

And let the AuthorizationManager know[1] your new Authz

AuthorizationManager.registerConfigurationProvider(YourNewAuthorizationConfiguration, new YourNewOAuth2AuthroizationConfigurationProvider)

[1] https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthorizationManager.java#L37-L41

-- Passos



On Wed, Feb 25, 2015 at 3:30 PM, Brian Leathem <bleathem@gmail.com> wrote:
... and the devil is in the details.

It seems as though all the current AuzthzModules use an http based approach to requesting an Oauth2 token.  I see this being done in OAuth2WebFragmentFetchAutorization#doAuthorization method, where an OAuthWebViewDialog is used to trigger the Oauth2 token request.

To use Google Play services to trigger an Oauth2 token request, we won't use an http approach, but rather we start an activity to select an account and request an Oauth2 token.  Once the token is retrieved it can then be used with the standard http Oauth2 API.

(One caveat: the google play services token response doesn't provide a refresh token.  I believe this to be a non-issue as the token request process is trivial when using google play services (no authentication step)).

I see to ways to implement this feature:

1) Generalize the OAuth2WebFragmentFetchAutorization into an interface, and have one implementation to handle http-based token requests, and second implementation to handle intent-based token requests.

2) Add a OAuth2AuthorizationConfiguration option to use intents instead of http, and trigger a different workflow within the OAuth2WebFragmentFetchAutorization#doAuthorization method if that config is set.

My preference is for 2) because it's a) simpler, and b) it is really only during the #doAuthorization method that we have a different approach.

Thoughts?  I'll start with implementing approach (2) unless I hear otherwise.

Brian


On 2015-02-24 07:25 PM, Matthias Wessendorf wrote:


On Wednesday, February 25, 2015, Daniel Passos <daniel@passos.me> wrote:
No, we are not using Google Play services API for now for OAuth2 in Android land. 

But feel free create a new AuthzModule[1] for it ;)

+1
 

On Tue, Feb 24, 2015 at 4:01 PM, Sebastien Blanc <scm.blanc@gmail.com> wrote:
Cool stuff Brian ! 
The AeroGear OAuth2 Cordova plugin relies on the Native AeroGear OAuth2  Libraries, so maybe Summers and/or Daniel could tell  more about it. 
Sebi
 

On Tue, Feb 24, 2015 at 7:46 PM, Brian Leathem <bleathem@gmail.com> wrote:
Hey gear-heads,

I recently wrote a Cordova plugin that retrieves a Oauth2 token on
Android using Google Play Services.  The advantage of this approach is
it leverages the single-sign-on capabilities of android, and the app can
retrieve the Oauth2 token without requiring Authentication from the
user. I blogged about it here:

http://www.bleathem.ca/blog/2015/02/cordova-oauth-google-services.html

Using a promise-based API it's fairly trivial to fallback to a
traditional Web authentication/authorisation for the Oauth2 token when
the google-play-services approach isn't supported.

I'm aware the aerogear team has a Oauth2 cordova plugin [1], but it's
not clear to me if the google-play-services integration is supported.
If the Aerogeam would find it useful, I'd be more than happy to provide
a PR to the aerogear cordova plugin providing such integration.

Thoughts?
Brian

[1]
http://staging-aerogearsite.rhcloud.com/docs/specs/aerogear-cordova/OAuth2.html
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev


_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--
Sent from Gmail Mobile


_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev


_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev



_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev



_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev


-- 
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.