[aerogear-dev] OAuth2 authorization and Pipe integration

Lucas Holmquist lholmqui at redhat.com
Thu May 15 12:12:17 EDT 2014


For JS we don’t have refresh tokens, for security reasons.


I know with Google's JS API, they do a background refresh (iframe stuff).


Go for it.


On May 15, 2014, at 12:08 PM, Corinne Krych <corinnekrych at gmail.com> wrote:

> So seamless refreshing token but declarative token initial request. Right?
> #agreed seamless refresh
> declarative authz request and revoke request.
> If we all agree (JS included) I’ll create an iOS JIRA ticket and go for it.
> 
> JS folks, wdyt?
> 
> ++
> Corinne
> On 15 May 2014, at 17:44, Summers Pittman <supittma at redhat.com> wrote:
> 
>> I don't like it because it moves the concerns of bad accounts, account creation, authorization lifecycle error handling into the failure method of the pipe callback.  Those concerns don't belong there.
>> 
>> However I am fine with the module refreshing the access token if a refresh token is provided.  If an error happens then that is something more "in line" with reasonable expectations for an authorized request.
>> 
>> 
>> On Thu 15 May 2014 03:56:28 AM EDT, Corinne Krych wrote:
>>> Hello folks
>>> 
>>> I’ve been thinking about providing a more fluid integration between authz and pipes.
>>> 
>>> Right now to read a list of Google Drive documents, we need to read the pipe in the success callback of authz’ requestAccess:
>>> 
>>>    AGAuthorizer* authorizer = [AGAuthorizer authorizer];
>>>    _restAuthzModule = [authorizer authz:^(id<AGAuthzConfig> config) {
>>>        ...
>>>    }];
>>> 
>>>    [_restAuthzModule requestAccessSuccess:^(id object) {
>>>        id<AGPipe> documents = [googleDocuments pipe:^(id<AGPipeConfig> config) {
>>>            [config setName:@"files"];
>>>            [config setAuthzModule:_restAuthzModule]; // inject authz
>>>        }];
>>> 
>>>        [documents read:^(id responseObject) {
>>>            // do something with the response
>>>        } failure:^(NSError *error) {
>>>            // when an error occurs...
>>>        }];
>>>    } failure:^(NSError *error) {
>>>        NSLog(@"Failure in getting access token");
>>>    }];
>>> 
>>> What if we just initialize authzModule and inject it into the pipe? Once the pipe is read (or any CRUD operation), it will be the pipe that first fetches tokens (or renews, whatever is needed) and on success reads the pipe. Basically we do the callback chaining internally in the Pipe instead of letting the developer deal with it.
>>> 
>>>    AGAuthorizer* authorizer = [AGAuthorizer authorizer];
>>>    _restAuthzModule = [authorizer authz:^(id<AGAuthzConfig> config) {
>>>        ...
>>>    }];
>>> 
>>>    id<AGPipe> documents = [googleDocuments pipe:^(id<AGPipeConfig> config) {
>>>        [config setName:@"files"];
>>>        [config setAuthzModule:_restAuthzModule]; // inject authz
>>>    }];
>>> 
>>>    [documents read:^(id responseObject) {
>>>        // do something with the response
>>>    } failure:^(NSError *error) {
>>>        // when an error occurs...
>>>    }];
>>> 
>>> It feels much more fluid for the user.
>>> Doing so we “force” the app flow to ask for a token when it needs it, not in advance at app startup, but I think it is good practice to lazily authz your app.
>>> 
>>> Thoughts?
>>> 
>>> Test repo can be found here:
>>> https://github.com/corinnekrych/aerogear-ios/blob/transparent.refresh/AeroGear-iOS/pipeline/AGRESTPipe.m#L169
>>> https://github.com/corinnekrych/aerogear-ios-cookbook-1/blob/AGIOS-145.refresh/GoogleDrive/GoogleDrive/AGViewController.m
>>> 
>>> ++
>>> Corinne
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> 
>> 
>> 
>> --
>> Summers Pittman
>>>> Phone:404 941 4698
>>>> Java is my crack.
>> 
> 
> 
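
The compromise reached in the thread (seamless refresh inside the pipe, but an explicit, declarative initial authorization request), sketched as an added example that is not part of the original messages and is not AeroGear code. `DemoAuthzModule`, `DemoPipe`, the error domain and codes, and the synchronous `refreshCall` block standing in for the token-endpoint request are all hypothetical; token values are constructed.

```objectivec
#import <Foundation/Foundation.h>
static NSString *const DemoAuthzErrorDomain = @"DemoAuthzErrorDomain"; // hypothetical domain
enum { DemoAuthzNotAuthorized = 1, DemoAuthzRefreshFailed };           // hypothetical codes
@interface DemoAuthzModule : NSObject
@property (copy) NSString *accessToken;
@property (copy) NSString *refreshToken;
@property (strong) NSDate *expiresAt;
@property (copy) NSString *(^refreshCall)(NSString *); // stand-in for the token endpoint
@end
@implementation DemoAuthzModule
- (void)validToken:(void (^)(NSString *))success failure:(void (^)(NSError *))failure {
    if (self.accessToken && [self.expiresAt timeIntervalSinceNow] > 0) { success(self.accessToken); return; }
    // Refresh only: the interactive grant is never started from inside a read.
    BOOL canRefresh = self.refreshToken && self.refreshCall;
    NSString *fresh = canRefresh ? self.refreshCall(self.refreshToken) : nil;
    if (!fresh) {
        NSInteger code = canRefresh ? DemoAuthzRefreshFailed : DemoAuthzNotAuthorized;
        failure([NSError errorWithDomain:DemoAuthzErrorDomain code:code userInfo:nil]);
        return;
    }
    self.accessToken = fresh;
    self.expiresAt = [NSDate dateWithTimeIntervalSinceNow:3600]; // constructed lifetime
    success(fresh);
}
@end
@interface DemoPipe : NSObject
@property (strong) DemoAuthzModule *authzModule;
@end
@implementation DemoPipe
- (void)read:(void (^)(id))success failure:(void (^)(NSError *))failure {
    [self.authzModule validToken:^(NSString *token) { // a real pipe sends the request here
        success(@{@"Authorization": [@"Bearer " stringByAppendingString:token]});
    } failure:failure];
}
@end

int main(void) {
    @autoreleasepool {
        DemoAuthzModule *authz = [DemoAuthzModule new];
        authz.accessToken = @"constructed-old"; authz.expiresAt = [NSDate distantPast];
        authz.refreshToken = @"constructed-refresh";
        authz.refreshCall = ^NSString *(NSString *rt) { return @"constructed-new"; };
        DemoPipe *documents = [DemoPipe new]; documents.authzModule = authz;
        void (^ok)(id) = ^(id r) { NSLog(@"read sent with %@", r); };
        void (^fail)(NSError *) = ^(NSError *e) { NSLog(@"authz error %ld", (long)e.code); };
        [documents read:ok failure:fail];                  // expired token: silent refresh
        authz.accessToken = nil; authz.refreshToken = nil; // app never authorized
        [documents read:ok failure:fail];                  // fails with DemoAuthzNotAuthorized
    }
}
```

Because authorization failures arrive in their own error domain, the pipe's failure block can tell "the user has to authorize again" apart from an ordinary request error.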



