[aerogear-dev] Auth Authz and OAuth
Corinne Krych
corinnekrych at gmail.com
Mon Jan 6 10:48:44 EST 2014
Agreed. We could find a common way to treat both tokens and apply them.
Make a proposal for android and I'll create a JIRA for iOS.
this is at implementation level though and should not affect interfaces.
Different interfaces still needed for auth and authz though.
++
Corinne
On Jan 6, 2014, at 4:39 PM, Summers Pittman <supittma at redhat.com> wrote:
> On Mon 06 Jan 2014 10:36:32 AM EST, Corinne Krych wrote:
>> Summers,
>>
>> Do you mean, should we refactor and treat authToken and accessTokens in a similar way for the implementation of OAuth2?
>
> Yes. That is what I am proposing.
>
>>
>> ++
>> Corinne
>> On Jan 6, 2014, at 4:33 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
>>
>>>
>>> On Jan 6, 2014, at 10:21 AM, Summers Pittman <supittma at redhat.com> wrote:
>>>
>>>> So in JS land and iOS land we have or will soon have OAuth2 handling.
>>>> To handle OAuth2 a new API was created, AGAuthorizationModule. I
>>>> understand and agree with the separation of concerns between
>>>> Authentication and Authorization, but I am worried that this introduces
>>>> two APIs now.
>>>>
>>>> Before Authz was added Authentication (login, logout, etc) and
>>>> Authorization(here are my keys and permissions) were both handled by
>>>> AGAuthenticationModules. With Authz now being a thing we should
>>>> probably remove and deprecate the authz parts of the old
>>>> AuthenticationModules.
>>>>
>>>> see iOS
>>>> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
>>>>
>>>> see Android
>>>> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/pipeline/RestRunner.java#L319
>>>>
>>>> see Javascript: I couldn't actually find this in javascript…
>>>
>>> We didn't have authz in our auth stuff, so it made sense to create a separate thing.
>>>
>>>>
>>>> wdyt?
>>>>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
More information about the aerogear-dev
mailing list