[aerogear-dev] Auth Authz and OAuth
Corinne Krych
corinnekrych at gmail.com
Wed Jan 15 05:38:59 EST 2014
Hello Guys,
Bringing back the subject of refactoring Auth and Authz
I've actually refactor applyToken into on emethod which fits both authentication token and Oauth2 tokens
See code in OAuth2 PR:
https://github.com/corinnekrych/aerogear-ios/blob/e6d4a15daf172706199aa8f09b00cd31cce7712c/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
and when setting accessToken in exchange code for access token
https://github.com/corinnekrych/aerogear-ios/blob/e6d4a15daf172706199aa8f09b00cd31cce7712c/AeroGear-iOS/AeroGear-iOS/security/Authorizer/AGRestAuthzModule.m#L128
This way is less intrusive for AGRestPipe. wdyt?
++
Corinne
On Jan 6, 2014, at 6:16 PM, Summers Pittman <supittma at redhat.com> wrote:
> On Mon 06 Jan 2014 12:04:16 PM EST, Corinne Krych wrote:
>> login/logoff/enroll is not part of authz already
>
> Oh, I misread your files this morning and this makes a lot more sense now. Note to self, don't review ObjC until I have had at least 3 cups of coffee.
>
>
>
>> ++
>> Corinne
>> On Jan 6, 2014, at 5:04 PM, Summers Pittman <supittma at redhat.com> wrote:
>>
>>> On 01/06/2014 10:48 AM, Corinne Krych wrote:
>>>> Agreed. We could find a common way to treat both tokens and apply them.
>>>> Make a proposal for android and I'll create a JIRA for iOS.
>>>> this is at implementation level though and should not affect interfaces.
>>>> Different interfaces still needed for auth and authz though.
>>> True. But it may simplify both interfaces (like removing login/logoff/enroll from authz)
>>>>
>>>> ++
>>>> Corinne
>>>> On Jan 6, 2014, at 4:39 PM, Summers Pittman <supittma at redhat.com> wrote:
>>>>
>>>>> On Mon 06 Jan 2014 10:36:32 AM EST, Corinne Krych wrote:
>>>>>> Summers,
>>>>>>
>>>>>> Do you mean, should we refactor and treat authToken and accessTokens in a similar way for the implementation of OAuth2?
>>>>> Yes. That is what I am proposing.
>>>>>
>>>>>> ++
>>>>>> Corinne
>>>>>> On Jan 6, 2014, at 4:33 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
>>>>>>
>>>>>>> On Jan 6, 2014, at 10:21 AM, Summers Pittman <supittma at redhat.com> wrote:
>>>>>>>
>>>>>>>> So in JS land and iOS land we have or will soon have OAuth2 handling.
>>>>>>>> To handle OAuth2 a new API was created, AGAuthorizationModule. I
>>>>>>>> understand and agree with the separation of concerns between
>>>>>>>> Authentication and Authorization, but I am worried that this introduces
>>>>>>>> two APIs now.
>>>>>>>>
>>>>>>>> Before Authz was added Authentication (login, logout, etc) and
>>>>>>>> Authorization(here are my keys and permissions) were both handled by
>>>>>>>> AGAuthenticationModules. With Authz now being a thing we should
>>>>>>>> probably remove and deprecate the authz parts of the old
>>>>>>>> AuthenticationModules.
>>>>>>>>
>>>>>>>> see iOS
>>>>>>>> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
>>>>>>>>
>>>>>>>> see Android
>>>>>>>> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/pipeline/RestRunner.java#L319
>>>>>>>>
>>>>>>>> see Javascript: I couldn't actually find this in javascript…
>>>>>>> We didn't have authz in our auth stuff, so it made sense to create a separate thing.
>>>>>>>
>>>>>>>> wdyt?
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> aerogear-dev mailing list
>>>>>>>> aerogear-dev at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> aerogear-dev mailing list
>>>>>>> aerogear-dev at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>
>>>>>> _______________________________________________
>>>>>> aerogear-dev mailing list
>>>>>> aerogear-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>
>>
>
>
More information about the aerogear-dev
mailing list