On Jan 6, 2014, at 5:48 PM, Corinne Krych <corinnekrych(a)gmail.com> wrote:
Agreed. We could find a common way to treat both tokens and apply
them.
@summers continue on the discussion we had on our meeting, per OAuthz workflow req. a
separate AGAuthzModule has been created [1] since the original AuthenticationModule[2]
interface couldn’t accommodate it. Since the end-result for both is ‘modifying’ the
request (currently headers but possible in the future body) prior on performing the
operation would be interesting if we can somehow encapsulate this common ‘behaviour’ and
have those separate AuthModule and AuthzModule inherit from.
would be interesting to know your idea on this
Regards,
-
Christos
[1]
Make a proposal for android and I'll create a JIRA for iOS.
this is at implementation level though and should not affect interfaces.
Different interfaces still needed for auth and authz though.
++
Corinne
On Jan 6, 2014, at 4:39 PM, Summers Pittman <supittma(a)redhat.com> wrote:
> On Mon 06 Jan 2014 10:36:32 AM EST, Corinne Krych wrote:
>> Summers,
>>
>> Do you mean, should we refactor and treat authToken and accessTokens in a similar
way for the implementation of OAuth2?
>
> Yes. That is what I am proposing.
>
>>
>> ++
>> Corinne
>> On Jan 6, 2014, at 4:33 PM, Lucas Holmquist <lholmqui(a)redhat.com> wrote:
>>
>>>
>>> On Jan 6, 2014, at 10:21 AM, Summers Pittman <supittma(a)redhat.com>
wrote:
>>>
>>>> So in JS land and iOS land we have or will soon have OAuth2 handling.
>>>> To handle OAuth2 a new API was created, AGAuthorizationModule. I
>>>> understand and agree with the separation of concerns between
>>>> Authentication and Authorization, but I am worried that this introduces
>>>> two APIs now.
>>>>
>>>> Before Authz was added Authentication (login, logout, etc) and
>>>> Authorization(here are my keys and permissions) were both handled by
>>>> AGAuthenticationModules. With Authz now being a thing we should
>>>> probably remove and deprecate the authz parts of the old
>>>> AuthenticationModules.
>>>>
>>>> see iOS
>>>>
https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGea...
>>>>
>>>> see Android
>>>>
https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/ae...
>>>>
>>>> see Javascript: I couldn't actually find this in javascript…
>>>
>>> We didn't have authz in our auth stuff, so it made sense to create a
separate thing.
>>>
>>>>
>>>> wdyt?
>>>>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev