[aerogear-dev] Auth Authz and OAuth

Corinne Krych corinnekrych at gmail.com
Mon Jan 6 10:36:32 EST 2014


Summers,

Do you mean, should we refactor and treat authToken and accessTokens in a similar way for the implementation of OAuth2?

++
Corinne
On Jan 6, 2014, at 4:33 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:

> 
> On Jan 6, 2014, at 10:21 AM, Summers Pittman <supittma at redhat.com> wrote:
> 
>> So in JS land and iOS land we have or will soon have OAuth2 handling.  
>> To handle OAuth2 a new API was created, AGAuthorizationModule.  I 
>> understand and agree with the separation of concerns between 
>> Authentication and Authorization, but I am worried that this introduces 
>> two APIs now.
>> 
>> Before Authz was added Authentication (login, logout, etc) and 
>> Authorization(here are my keys and permissions) were both handled by 
>> AGAuthenticationModules.  With Authz now being a thing we should 
>> probably remove and deprecate the authz parts of the old 
>> AuthenticationModules.
>> 
>> see iOS 
>> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
>> 
>> see Android 
>> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/pipeline/RestRunner.java#L319
>> 
>> see Javascript:  I couldn't actually find this in javascript…
> 
> We didn't have authz in our auth stuff,  so it made sense to create a separate thing.  
> 
>> 
>> wdyt?
>> 
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> 
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev




More information about the aerogear-dev mailing list