Re: [aerogear-dev] Keycloak integration and UPS Sender
----- Original Message -----
From: "Bruno Oliveira" <bruno(a)abstractj.org>
To: "AeroGear Developer Mailing List" <aerogear-dev(a)lists.jboss.org>
Sent: Tuesday, June 17, 2014 7:17:36 PM
Subject: Re: [aerogear-dev] Keycloak integration and UPS Sender
>
>
> IMO if possible, keeping these 'exceptions' (or excludes) under HTTP_BASIC
> would be the simplest solution, as that means none of our client SDKs
> (Android, iOS, Cordova, Node.js Sender, Java-Sendet etc) would require an
> update.
I had a chat with Stian and looks like it's possible to support both
auth methods in a single app, but that would involve changes on Keycloak.
It's just the matter of discuss with KC team.
My two cents is the fact that we should use bearer tokens only, instead
of mix both auth methods in a single app — now that we have KC.
And discuss the changes into our clients rather sooner than later.
But I'm open for whatever you guys think it's the best.
I agree here, we should try to aim to have only one auth method - bearer tokens unless it
has
performance or usability consequences. Mix is more error prone and more complicated to
maintain longterm imho.