Re: [aerogear-dev] OAuth2, OpenID connect and AeroGear
On 2014-10-09, Summers Pittman wrote:
On 10/08/2014 10:49 PM, Bruno Oliveira wrote:
> Good morning,
>
> Today we had a meeting to discuss some of the priorities for security on
> AeroGear[1]. One of the items is OAuth2 support. Currently we have
> several great examples and implementations for GDrive, flows for
> Keycloak and etc.
>
> Although is a bit confuse for developers getting started from scratch.
> I would like to keep our libaries aligned, considering the limitations
> of each technology of course, as well consolidate each flow[2].
>
> Also the team agreed that OpenID connect (with Facebook and Google) should be
considered a low
> priority at the moment. That said I have some open questions:
>
> - Should we provide separated SDKs for OAuth2? Or let's put everything
> into *-auth and break into modules later?
*-auth should, IMHO, contain everything necessary to create an OAuth2
connection to anything that isn't broken. However, *-auth-facebook,
*-auth-google, *-auth-herpDerpDeHur, etc may be useful to be full of
convenience classes.
I'm cool with that with we agreed on that or maybe extract these classes
later.
ON Android it may even be useful to have a *-auth-accountmanager to make
working with Androids native token service easier.
Is this something specific for Android or would be possible to have the
same concept (not implementation) on iOS/JS/Cordova?
Don't want to play the agilist here, but would be nice to contextualize
people on AG domain model. And I also understand that not everything must be
the same to all platforms.
>
> Note: Not only for Keycloak, but also compatible with other technologies
> like passport on Node.js. In the end, OAuth2 is just a protocol and
> should support other servers.
>
> - Should we provide examples for OpenID connect? Or abstractions?
>
> To track this issue, we have the following Jira[3] and another for
> OpenID connect[4]. Fell free to link to your respective project.
>
>
> [1] -
>
http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerog...
>
> [2] - https://gist.github.com/abstractj/04136c6df85cea5f35d1
>
> [3] - https://issues.jboss.org/browse/AGSEC-180
>
> [4] - https://issues.jboss.org/browse/AGSEC-190
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914