On 08/26/2013 01:11 PM, Lucas Holmquist wrote:
> We are planning on adding an OAuth2 adapter to the JS library for 1.3.0. We are going to code against the Google OAuth2 playground stuff, but trying to follow the spec as much as possible and try to be as generic as we can.
>
> I'm not sure if this should be an "adapter" or something different. If it is an adapter of the Authentication plugin (not sure what we are calling the different pieces. pipeline, data manager, etc.), then we should expect to see authentication methods (enroll, login, logout), but I think this "adapter" should be much more than that.
>
> It should be used to connect to secured services (api) that a user allows, such as GCM for Chrome or the Google+ platform, or some other enterprisey thing.
>
> I'm wondering if this should be a standalone thing. I kind of like this idea so when we do social login, which will most likely have OAuth2, we can just access it.
>
> Thoughts?

I feel like OAuth2 could be an Adapter/AuthenticationModule rather easily.

** login -> if tokens are provided in the config use them.
                if tokens are uptoDate, onSuccess
                else if tokens are expired, renew them
                    if renew succeeds onSuccess
                    else onFailure
            else if credentials provided try login
                if login fails (redirect to some click through)
                    call onFailure with useful data included?
                if login succeeds
                    update tokens, call onSuccess

** logout -> trash local tokens,
             unregister device (call /logout or w/e)
             onSuccess

** enroll -> throw not implemented exception.  Allow users to override if necessary?

One of the things added to Android in 1.1 was an isRetry method on the Module.  It is responsible for trying to renew any tokens you had in the event of a failure.  It is currently used in Digest Authentication.  So if we have our module on a Pipe and it fails because the tokens expired, it can refresh the tokens before giving up.

Just my .02 (still beaning up)

One of the things I worry about is us getting "close enough".  OAuth2 is a bit of a beast and everyone seems to have their own libraries for how to handle it (on the Java/Android side anyway).  A way around that is to try to make it easy to slot in calls / workflows for a third party but I have no idea how to begin approaching that in a universal way.





_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
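
The login/logout/enroll flow and the retry hook described in the reply above, written out as an added JavaScript example (not code from the thread or from AeroGear). `createOAuth2Module`, `transport`, `retryAfterFailure` and `fakeTransport` are hypothetical names, and the token shape and the 401 check are assumptions.

```javascript
// Added example: hypothetical module, not AeroGear's API. `transport` stands in
// for the provider's token/logout endpoints so the flow runs offline.
function createOAuth2Module(config, transport, now = Date.now) {
  let tokens = config.tokens || null; // assumed shape: { access, refresh, expiresAt (ms) }

  function renew() {
    const res = tokens && tokens.refresh ? transport.renew(tokens.refresh) : { ok: false };
    // Added choice: drop tokens the provider would not renew instead of reusing them.
    tokens = res.ok ? res.tokens : null;
    return res.ok;
  }

  return {
    login(onSuccess, onFailure) {
      if (tokens !== null) {
        if (tokens.expiresAt > now()) return onSuccess(tokens); // up to date
        return renew() ? onSuccess(tokens) : onFailure({ reason: "renew_failed" });
      }
      if (!config.credentials) return onFailure({ reason: "no_credentials" });
      const res = transport.login(config.credentials);
      if (!res.ok) {
        // Hand the click-through location back so the caller can act on it.
        return onFailure({ reason: "login_failed", redirect: res.redirect });
      }
      tokens = res.tokens;
      return onSuccess(tokens);
    },
    logout(onSuccess) {
      const old = tokens;
      tokens = null;                  // trash local tokens first
      if (old) transport.logout(old); // then tell the server
      return onSuccess();
    },
    enroll() { throw new Error("enroll is not implemented for OAuth2"); },
    // Analogue of the retry hook: a pipe calls this after a failed request.
    retryAfterFailure(status) { return status === 401 && tokens !== null && renew(); },
  };
}

// Constructed stand-in for a provider; counts calls so the flow can be checked.
function fakeTransport(calls = { renew: 0, login: 0, logout: 0 }) {
  const issue = (access) => ({ ok: true, tokens: { access, refresh: "r-good", expiresAt: 2000 } });
  return {
    calls,
    renew(refresh) { calls.renew++; return refresh === "r-good" ? issue("a2") : { ok: false }; },
    login(c) { calls.login++; return c.password === "pw" ? issue("a3") : { ok: false, redirect: "/consent" }; },
    logout() { calls.logout++; },
  };
}
```

The module clears its local tokens before calling the server in `logout`, so a failed network call cannot leave a usable token behind on the client.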