On 10/08/2014 10:49 PM, Bruno Oliveira wrote:
Good morning,
Today we had a meeting to discuss some of the priorities for security on
AeroGear[1]. One of the items is OAuth2 support. Currently we have
several great examples and implementations for GDrive, flows for
Keycloak, etc.
Although it is a bit confusing for developers getting started from scratch.
I would like to keep our libraries aligned, considering the limitations
of each technology of course, as well as consolidate each flow[2].
Also the team agreed that OpenID connect (with Facebook and Google)
should be considered a low priority at the moment. That said I have
some open questions:
- Should we provide separate SDKs for OAuth2? Or let's put everything
into *-auth and break into modules later?
*-auth should, IMHO, contain everything necessary to create an OAuth2
connection to anything that isn't broken. However, *-auth-facebook,
*-auth-google, *-auth-herpDerpDeHur, etc may be useful to be full of
convenience classes.
On Android it may even be useful to have a *-auth-accountmanager to make
working with Android's native token service easier.
Note: Not only for Keycloak, but also compatible with other technologies
like passport on Node.js. In the end, OAuth2 is just a protocol and
should support other servers.
- Should we provide examples for OpenID connect? Or abstractions?
To track this issue, we have the following Jira[3] and another for
OpenID connect[4]. Feel free to link to your respective project.
[1] - http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerog...
[2] - https://gist.github.com/abstractj/04136c6df85cea5f35d1
[3] - https://issues.jboss.org/browse/AGSEC-180
[4] - https://issues.jboss.org/browse/AGSEC-190
--
abstractj
PGP: 0x84DC9914
--
Summers Pittman
>Phone:404 941 4698
>Java is my crack.