[aerogear-dev] Auth Authz and OAuth
Christos Vasilakis
cvasilak at gmail.com
Mon Jan 20 13:48:09 EST 2014
On Jan 6, 2014, at 5:48 PM, Corinne Krych <corinnekrych at gmail.com> wrote:
> Agreed. We could find a common way to treat both tokens and apply them.
@summers, continuing the discussion we had in our meeting: per the OAuthz workflow req., a separate AGAuthzModule has been created [1], since the original AuthenticationModule [2] interface couldn't accommodate it. Since the end result for both is 'modifying' the request (currently headers, but possibly the body in the future) prior to performing the operation, it would be interesting if we could somehow encapsulate this common 'behaviour' and have the separate AuthModule and AuthzModule inherit from it.
It would be interesting to know your idea on this.
Regards,
-
Christos
[1] https://github.com/corinnekrych/aerogear-ios/blob/bd579a8f0ef407cfe7fd50e4ed741d0041e3810f/AeroGear-iOS/AeroGear-iOS/security/Authorizer/AGAuthzModule.h
[2] https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/security/AGAuthenticationModule.h
> Make a proposal for Android and I'll create a JIRA for iOS.
> This is at implementation level though and should not affect interfaces.
> Different interfaces are still needed for auth and authz though.
>
> ++
> Corinne
> On Jan 6, 2014, at 4:39 PM, Summers Pittman <supittma at redhat.com> wrote:
>
>> On Mon 06 Jan 2014 10:36:32 AM EST, Corinne Krych wrote:
>>> Summers,
>>>
>>> Do you mean, should we refactor and treat authToken and accessTokens in a similar way for the implementation of OAuth2?
>>
>> Yes. That is what I am proposing.
>>
>>>
>>> ++
>>> Corinne
>>> On Jan 6, 2014, at 4:33 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
>>>
>>>>
>>>> On Jan 6, 2014, at 10:21 AM, Summers Pittman <supittma at redhat.com> wrote:
>>>>
>>>>> So in JS land and iOS land we have or will soon have OAuth2 handling.
>>>>> To handle OAuth2 a new API was created, AGAuthorizationModule. I
>>>>> understand and agree with the separation of concerns between
>>>>> Authentication and Authorization, but I am worried that this introduces
>>>>> two APIs now.
>>>>>
>>>>> Before Authz was added, Authentication (login, logout, etc.) and
>>>>> Authorization (here are my keys and permissions) were both handled by
>>>>> AGAuthenticationModules. With Authz now being a thing we should
>>>>> probably remove and deprecate the authz parts of the old
>>>>> AuthenticationModules.
>>>>>
>>>>> see iOS
>>>>> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/pipeline/AGRESTPipe.m#L307
>>>>>
>>>>> see Android
>>>>> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/pipeline/RestRunner.java#L319
>>>>>
>>>>> see JavaScript: I couldn't actually find this in JavaScript…
>>>>
>>>> We didn't have authz in our auth stuff, so it made sense to create a separate thing.
>>>>
>>>>>
>>>>> wdyt?
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev