I will be working with Bill to streamline our OAuth implementation. I don't care if OAuth stays in RESTEasy or PicketLink as long as our users have support for OAuth from the JBoss community.

On 02/20/2013 09:55 AM, Bruno Oliveira wrote:
kk, what's the plan for PicketLink: use amber (https://github.com/picketlink/picketlink/tree/master/oauth/src/main/java/org/picketlink/oauth/amber) or Bill's implementation?

Or both?

-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Wednesday, February 20, 2013 at 12:26 PM, Anil Saldhana wrote:

Hi Bruno,
I think that is the use case for the implicit grant type in OAuth2. It is used when the client cannot save any secrets or tokens, such as JavaScript applications.

Regards,
Anil

On 02/20/2013 05:42 AM, Bruno Oliveira wrote:
Hi Anil,

Are you thinking of something like this? https://developers.google.com/accounts/docs/OAuth2#clientside

If yes, makes sense.


On Tuesday, February 19, 2013 at 11:05 PM, Anil Saldhana wrote:

I am unsure if the "implicit" use case implies insecure. All it does is avoid the intermediate authorization code grant step. It is useful for JavaScript applications