[aerogear-dev] OAuth2, OpenID connect and AeroGear

Good morning, Today we had a meeting to discuss some of the priorities for security on AeroGear[1]. One of the items is OAuth2 support. Currently we have several great examples and implementations for GDrive, flows for Keycloak and etc. Although is a bit confuse for developers getting started from scratch. I would like to keep our libaries aligned, considering the limitations of each technology of course, as well consolidate each flow[2]. Also the team agreed that OpenID connect (with Facebook and Google) should be considered a low priority at the moment. That said I have some open questions: - Should we provide separated SDKs for OAuth2? Or let's put everything into *-auth and break into modules later? Note: Not only for Keycloak, but also compatible with other technologies like passport on Node.js. In the end, OAuth2 is just a protocol and should support other servers. - Should we provide examples for OpenID connect? Or abstractions? To track this issue, we have the following Jira[3] and another for OpenID connect[4]. Fell free to link to your respective project. [1] - http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerog... [2] - https://gist.github.com/abstractj/04136c6df85cea5f35d1 [3] - https://issues.jboss.org/browse/AGSEC-180 [4] - https://issues.jboss.org/browse/AGSEC-190 -- abstractj PGP: 0x84DC9914