[aerogear-dev] OAuth2 Adapter
Summers Pittman
supittma at redhat.com
Tue Aug 27 10:26:07 EDT 2013
On 08/26/2013 01:11 PM, Lucas Holmquist wrote:
> We are planning on adding an OAuth2 adapter to the JS library for 1.3.0. We are going to code against the Google OAuth2 playground stuff, but trying to follow the spec as much as possible and try to be as generic as we can.
>
> I'm not sure if this should be an "adapter" or something different. If it is an adapter of the Authentication plugin (not sure what we are calling the different pieces: pipeline, data manager, etc.), then we should expect to see authentication methods (enroll, login, logout), but I think this "adapter" should be much more than that.
>
> It should be used to connect to secured services (API) that a user allows, such as GCM for Chrome or the Google+ platform, or some other enterprisey thing.
>
> I'm wondering if this should be a standalone thing. I kind of like this idea so when we do social login, which will most likely have OAuth2, we can just access it.
>
> Thoughts?
I feel like OAuth2 could be an Adapter/AuthenticationModule rather easily.
** login -> if tokens are provided in the config use them.
                if tokens are uptoDate, onSuccess
                else if tokens are expired, renew them
                    if renew succeeds onSuccess
                    else onFailure
            else if credentials provided try login
                if login fails (redirect to some click through)
                    call onFailure with useful data included?
                if login succeeds
                    update tokens, call onSuccess
** logout -> trash local tokens,
             unregister device (call /logout or w/e)
             onSuccess
** enroll -> throw not implemented exception. Allow users to override
             if necessary?
One of the things added to Android in 1.1 was an isRetry method on the
Module. It is responsible for trying to renew any tokens you had in the
event of a failure. It is currently used in Digest Authentication. So
if we have our module on a Pipe and it fails because the tokens expired,
it can refresh the tokens before giving up.
Just my .02 (still beaning up)
One of the things I worry about is us getting "close enough". OAuth2 is
a bit of a beast and everyone seems to have their own libraries for how
to handle it (on the Java/Android side anyway). A way around that is to
try to make it easy to slot in calls / workflows for a third party but I
have no idea how to begin approaching that in a universal way.
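
The login / logout / isRetry outline in this message, written out as an added JavaScript example; it is not part of the original email and not AeroGear code. The names createOAuth2Module, transport.renew, transport.authenticate and transport.revoke, the token shape, and the use of HTTP 401 as the retry trigger are all assumptions made for illustration.

```javascript
// Added illustration of the outline above; not AeroGear code.
// Hypothetical names: createOAuth2Module, transport.renew/authenticate/revoke.
// Assumed token shape: { access, refresh, expiresAt } with expiresAt in ms.
function createOAuth2Module(config, transport, now) {
  now = now || Date.now;
  var tokens = config.tokens || null;

  function renew(onSuccess, onFailure) {
    transport.renew(tokens.refresh, function (err, fresh) {
      // Assumption: tokens that cannot be renewed are discarded.
      if (err) { tokens = null; return onFailure({ reason: "renew_failed" }); }
      tokens = fresh;
      onSuccess(tokens);
    });
  }

  function loginWithCredentials(onSuccess, onFailure) {
    if (!config.credentials) { return onFailure({ reason: "no_credentials" }); }
    transport.authenticate(config.credentials, function (err, fresh) {
      // Give the caller what it needs to start a click-through.
      if (err) { return onFailure({ reason: "login_failed", authorizeUrl: config.authorizeUrl }); }
      tokens = fresh;
      onSuccess(tokens);
    });
  }

  return {
    login: function (onSuccess, onFailure) {
      if (tokens && tokens.expiresAt > now()) { return onSuccess(tokens); }
      if (tokens) { return renew(onSuccess, onFailure); }
      loginWithCredentials(onSuccess, onFailure);
    },
    logout: function (onSuccess) {
      var old = tokens;
      tokens = null; // trash local tokens before talking to the server
      transport.revoke(old, function () { onSuccess(); });
    },
    // Called after a failed request; true means "tokens renewed, retry once".
    isRetry: function (status, done) {
      if (status !== 401 || !tokens) { return done(false); }
      renew(function () { done(true); }, function () { done(false); });
    },
    enroll: function () { throw new Error("enroll is not implemented"); }
  };
}
```

The transport callbacks are injected so that a third-party OAuth2 library can be slotted in behind the same three calls.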