[aerogear-dev] OAuth2, OpenID connect and AeroGear

Summers Pittman supittma at redhat.com
Thu Oct 9 08:30:04 EDT 2014 

On 10/08/2014 10:49 PM, Bruno Oliveira wrote:
> Good morning,
>
> Today we had a meeting to discuss some of the priorities for security on
> AeroGear[1]. One of the items is OAuth2 support. Currently we have
> several great examples and implementations for GDrive, flows for
> Keycloak and etc.
>
> Although is a bit confuse for developers getting started from scratch.
> I would like to keep our libaries aligned, considering the limitations
> of each technology of course, as well consolidate each flow[2].
>
> Also the team agreed that OpenID connect (with Facebook and Google) should be considered a low
> priority at the moment. That said I have some open questions:
>
> - Should we provide separated SDKs for OAuth2? Or let's put everything
> into *-auth and break into modules later?
*-auth should, IMHO, contain everything necessary to create an OAuth2 
connection to anything that isn't broken.  However, *-auth-facebook, 
*-auth-google, *-auth-herpDerpDeHur, etc may be useful to be full of 
convenience classes.

ON Android it may even be useful to have a *-auth-accountmanager to make 
working with Androids native token service easier.
>
> Note: Not only for Keycloak, but also compatible with other technologies
> like passport on Node.js. In the end, OAuth2 is just a protocol and
> should support other servers.
>
> - Should we provide examples for OpenID connect? Or abstractions?
>
> To track this issue, we have the following Jira[3] and another for
> OpenID connect[4]. Fell free to link to your respective project.
>
>
> [1] -
> http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerogear.2014-10-08-14.00.html
>
> [2] - https://gist.github.com/abstractj/04136c6df85cea5f35d1
>
> [3] - https://issues.jboss.org/browse/AGSEC-180
>
> [4] - https://issues.jboss.org/browse/AGSEC-190
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev


-- 
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.

More information about the aerogear-dev mailing list