I'm not married to where the code lives, but I'm leaning towards it
being a Resteasy project as its something I want to promote and maintain
as a solution in the overall REST architecture.
On 2/20/2013 11:31 AM, Anil Saldhana wrote:
I will be working with Bill to streamline our OAuth implementation.
I
dont care if OAuth stays in RESTEasy or PicketLink as long as our users
have support for OAuth from JBoss community.
On 02/20/2013 09:55 AM, Bruno Oliveira wrote:
> 'kk what's the plan for PicketLink use amber
>
(
https://github.com/picketlink/picketlink/tree/master/oauth/src/main/java/...)
> or Bill's implementation?
>
> Or both?
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Wednesday, February 20, 2013 at 12:26 PM, Anil Saldhana wrote:
>
>> Hi Bruno,
>> I think that is the usecase for implicit grant type in OAuth2. It
>> is used when the client cannot save any secrets or tokens such as
>> Javascript applications.
>>
>> Regards,
>> Anil
>>
>> On 02/20/2013 05:42 AM, Bruno Oliveira wrote:
>>> Hi Anil,
>>>
>>> Are you thinking in something like this?
>>>
https://developers.google.com/accounts/docs/OAuth2#clientside
>>>
>>> If yes, makes sense.
>>>
>>>
>>> --
>>> "The measure of a man is what he does with power" - Plato
>>> -
>>> @abstractj
>>> -
>>> Volenti Nihil Difficile
>>>
>>> On Tuesday, February 19, 2013 at 11:05 PM, Anil Saldhana wrote:
>>>
>>>> I am unsure if "implicit" usecase implies insecure. All it does
is
>>>> avoids the intermediate
>>>> authorization code grant step. It is useful for Javascript applications
>>>
>>
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev