[aerogear-dev] Node.js / Passport.js thoughts (was: Re: OAuth2, OpenID connect and AeroGear)

Matthias Wessendorf matzew at apache.org
Thu Oct 30 14:20:04 EDT 2014 

On Thu, Oct 30, 2014 at 7:13 PM, Lucas Holmquist <lholmqui at redhat.com>
wrote:

>
> On Oct 30, 2014, at 9:41 AM, Matthias Wessendorf <matzew at apache.org>
> wrote:
>
> Hello team!
>
> On Thu, Oct 9, 2014 at 4:49 AM, Bruno Oliveira <bruno at abstractj.org>
> wrote:
>
>> Note: Not only for Keycloak, but also compatible with other technologies
>> like passport on Node.js.
>
>
> Great point on being compatible with passport.js! To ensure our OAuth2
> client SDKs do work against node.js (w/ passport.js), how about we build a
> Node.js based version of our "Shoot-n-Share backend" ([1]), that is
> protected by Passport.js?
>
>
> So to clear up some confusion that might be happening with what passport
> is, it is not an OAuth2 server thing.
>
> it’s really just middleware(think of it as a servlet filter for you java
> weenies) for express.js,  and by using adapters(like a FB or google), it
> can secure RESTful endpoints in that express.js app.
>
> I think the thing that we can do here is make a keycloack adapter for
> passport, using the OAuth2 protocol( similar to passports FB and google
> adapters );
>

+1 would be nice to get this in https://issues.jboss.org/browse/AGJS-252

On short term, it would be possible to use their existing adapters for
FB/Google and protect the node.js backend with these adapters, right ?


Sounds like the AGJS-252 is the ultimate solution we want, but I think for
a quick test/verification (or even example) of our Android/iOS OAuth2
clients, using the FB/Google adapters from passprt.js would be a good first
start ?

-Matthias





>
>
>
>
> It could be a (simple) a 'clone' of our java version. I think for Luke,
> our Node.js pro, it would be a fairly simple task :)
>
> On the client side, the Android/iOS versions of Shoot-n-Share would simply
> offer a new upload target for Passport.js, instead of 'just' FB,
> Google-Drive and Keycloak.
>
> That way we will also learn how much Passport.js is actually different,
> similar to what we learned on how Google/FB are different ;-)
>
> Another interesting aspect of this is that, once we are ready to release
> our OAuth2 SDKs, it would be awesome to actually ship a node.js based demo
> as well, instead of just a Java-based backend demo. That would clearly
> show, our client libs are working across different backend technologies.
>
> Any thoughts?
>
> -Matthias
>
>
> [1]
> https://github.com/aerogear/aerogear-backend-cookbook/tree/master/Shoot
>
>
>
>
>> In the end, OAuth2 is just a protocol and
>> should support other servers.
>>
>> - Should we provide examples for OpenID connect? Or abstractions?
>>
>> To track this issue, we have the following Jira[3] and another for
>> OpenID connect[4]. Fell free to link to your respective project.
>>
>>
>> [1] -
>>
>> http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerogear.2014-10-08-14.00.html
>>
>> [2] - https://gist.github.com/abstractj/04136c6df85cea5f35d1
>>
>> [3] - https://issues.jboss.org/browse/AGSEC-180
>>
>> [4] - https://issues.jboss.org/browse/AGSEC-190
>> --
>>
>> abstractj
>> PGP: 0x84DC9914
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>  _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141030/e2d1a657/attachment.html

More information about the aerogear-dev mailing list