[aerogear-dev] Auth Authz and OAuth
Summers Pittman
supittma at redhat.com
Mon Jan 6 10:35:41 EST 2014
On Mon 06 Jan 2014 10:33:13 AM EST, Lucas Holmquist wrote:
>
> On Jan 6, 2014, at 10:21 AM, Summers Pittman <supittma at redhat.com> wrote:
>
>> So in JS land and iOS land we have or will soon have OAuth2 handling.
>> To handle OAuth2 a new API was created, AGAuthorizationModule. I
>> understand and agree with the separation of concerns between
>> Authentication and Authorization, but I am worried that this introduces
>> two APIs now.
>>
>> Before Authz was added Authentication (login, logout, etc) and
>> Authorization(here are my keys and permissions) were both handled by
>> AGAuthenticationModules. With Authz now being a thing we should
>> probably remove and deprecate the authz parts of the old
>> AuthenticationModules.
>>
>> see iOS
>> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
>>
>> see Android
>> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/pipeline/RestRunner.java#L319
>>
>> see Javascript: I couldn't actually find this in javascript…
>
> We didn't have authz in our auth stuff, so it made sense to create a separate thing.
How was JavaScript handling tokens in Auth then?
>
>>
>> wdyt?
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list