[aerogear-dev] Auth Authz and OAuth

Summers Pittman supittma at redhat.com
Mon Jan 6 10:21:42 EST 2014


So in JS land and iOS land we have or will soon have OAuth2 handling.  
To handle OAuth2 a new API was created, AGAuthorizationModule.  I 
understand and agree with the separation of concerns between 
Authentication and Authorization, but I am worried that this introduces 
two APIs now.

Before Authz was added Authentication (login, logout, etc) and 
Authorization(here are my keys and permissions) were both handled by 
AGAuthenticationModules.  With Authz now being a thing we should 
probably remove and deprecate the authz parts of the old 
AuthenticationModules.

see iOS 
https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307

see Android 
https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/pipeline/RestRunner.java#L319

see Javascript:  I couldn't actually find this in javascript...

wdyt?




More information about the aerogear-dev mailing list