[aerogear-dev] Auth Authz and OAuth

Christos Vasilakis cvasilak at gmail.com
Wed Jan 15 08:21:26 EST 2014


On Jan 15, 2014, at 12:38 PM, Corinne Krych <corinnekrych at gmail.com> wrote:

> Hello Guys,
> 
> Bringing back the subject of refactoring Auth and Authz
> I've actually refactored applyToken into one method which fits both authentication tokens and OAuth2 tokens
> See code in OAuth2 PR:
> 
> https://github.com/corinnekrych/aerogear-ios/blob/e6d4a15daf172706199aa8f09b00cd31cce7712c/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
> 
> and when setting accessToken in exchange code for access token
> https://github.com/corinnekrych/aerogear-ios/blob/e6d4a15daf172706199aa8f09b00cd31cce7712c/AeroGear-iOS/AeroGear-iOS/security/Authorizer/AGRestAuthzModule.m#L128
> 
> This way is less intrusive for AGRestPipe. wdyt?

Makes perfect sense, +1


> 
> ++
> Corinne
> On Jan 6, 2014, at 6:16 PM, Summers Pittman <supittma at redhat.com> wrote:
> 
>> On Mon 06 Jan 2014 12:04:16 PM EST, Corinne Krych wrote:
>>> login/logoff/enroll is not part of authz already
>> 
>> Oh, I misread your files this morning and this makes a lot more sense now.  Note to self, don't review ObjC until I have had at least 3 cups of coffee.
>> 
>> 
>> 
>>> ++
>>> Corinne
>>> On Jan 6, 2014, at 5:04 PM, Summers Pittman <supittma at redhat.com> wrote:
>>> 
>>>> On 01/06/2014 10:48 AM, Corinne Krych wrote:
>>>>> Agreed. We could find a common way to treat both tokens and apply them.
>>>>> Make a proposal for android and I'll create a JIRA for iOS.
>>>>> this is at implementation level though and should not affect interfaces.
>>>>> Different interfaces still needed for auth and authz though.
>>>> True.  But it may simplify both interfaces (like removing login/logoff/enroll from authz)
>>>>> 
>>>>> ++
>>>>> Corinne
>>>>> On Jan 6, 2014, at 4:39 PM, Summers Pittman <supittma at redhat.com> wrote:
>>>>> 
>>>>>> On Mon 06 Jan 2014 10:36:32 AM EST, Corinne Krych wrote:
>>>>>>> Summers,
>>>>>>> 
>>>>>>> Do you mean, should we refactor and treat authToken and accessTokens in a similar way for the implementation of OAuth2?
>>>>>> Yes.  That is what I am proposing.
>>>>>> 
>>>>>>> ++
>>>>>>> Corinne
>>>>>>> On Jan 6, 2014, at 4:33 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
>>>>>>> 
>>>>>>>> On Jan 6, 2014, at 10:21 AM, Summers Pittman <supittma at redhat.com> wrote:
>>>>>>>> 
>>>>>>>>> So in JS land and iOS land we have or will soon have OAuth2 handling.
>>>>>>>>> To handle OAuth2 a new API was created, AGAuthorizationModule.  I
>>>>>>>>> understand and agree with the separation of concerns between
>>>>>>>>> Authentication and Authorization, but I am worried that this introduces
>>>>>>>>> two APIs now.
>>>>>>>>> 
>>>>>>>>> Before Authz was added Authentication (login, logout, etc) and
>>>>>>>>> Authorization (here are my keys and permissions) were both handled by
>>>>>>>>> AGAuthenticationModules.  With Authz now being a thing we should
>>>>>>>>> probably remove and deprecate the authz parts of the old
>>>>>>>>> AuthenticationModules.
>>>>>>>>> 
>>>>>>>>> see iOS
>>>>>>>>> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
>>>>>>>>> 
>>>>>>>>> see Android
>>>>>>>>> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/pipeline/RestRunner.java#L319
>>>>>>>>> 
>>>>>>>>> see Javascript:  I couldn't actually find this in javascript…
>>>>>>>> We didn't have authz in our auth stuff,  so it made sense to create a separate thing.
>>>>>>>> 
>>>>>>>>> wdyt?
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> _______________________________________________
>>>>>>>>> aerogear-dev mailing list
>>>>>>>>> aerogear-dev at lists.jboss.org
>>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>>> 



