[aerogear-dev] Node.js / Passport.js thoughts (was: Re: OAuth2, OpenID connect and AeroGear)

Lucas Holmquist lholmqui at redhat.com
Thu Oct 30 14:21:57 EDT 2014


> On Oct 30, 2014, at 2:20 PM, Matthias Wessendorf <matzew at apache.org> wrote:
> 
> 
> 
> On Thu, Oct 30, 2014 at 7:13 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
> 
>> On Oct 30, 2014, at 9:41 AM, Matthias Wessendorf <matzew at apache.org> wrote:
>> 
>> Hello team!
>> 
>> On Thu, Oct 9, 2014 at 4:49 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
>> Note: Not only for Keycloak, but also compatible with other technologies
>> like passport on Node.js. 
>> 
>> Great point on being compatible with passport.js! To ensure our OAuth2 client SDKs do work against node.js (w/ passport.js), how about we build a Node.js based version of our "Shoot-n-Share backend" ([1]), that is protected by Passport.js?
> 
> So to clear up some confusion that might be happening with what passport is, it is not an OAuth2 server thing.
> 
> It's really just middleware (think of it as a servlet filter for you Java weenies) for express.js, and by using adapters (like a FB or Google), it can secure RESTful endpoints in that express.js app.
> 
> I think the thing that we can do here is make a Keycloak adapter for passport, using the OAuth2 protocol (similar to passport's FB and Google adapters).
> 
> +1 would be nice to get this in https://issues.jboss.org/browse/AGJS-252
> 
> On short term, it would be possible to use their existing adapters for FB/Google and protect the node.js backend with these adapters, right?

I think we can do that.

> 
> 
> Sounds like the AGJS-252 is the ultimate solution we want, but I think for a quick test/verification (or even example) of our Android/iOS OAuth2 clients, using the FB/Google adapters from passport.js would be a good first start?
> 
> -Matthias
> 
> 
> 
>  
> 
> 
> 
>> 
>> It could be a (simple) 'clone' of our java version. I think for Luke, our Node.js pro, it would be a fairly simple task :)
>> 
>> On the client side, the Android/iOS versions of Shoot-n-Share would simply offer a new upload target for Passport.js, instead of 'just' FB, Google-Drive and Keycloak.
>> 
>> That way we will also learn how much Passport.js is actually different, similar to what we learned on how Google/FB are different ;-)
>> 
>> Another interesting aspect of this is that, once we are ready to release our OAuth2 SDKs, it would be awesome to actually ship a node.js based demo as well, instead of just a Java-based backend demo. That would clearly show, our client libs are working across different backend technologies.
>> 
>> Any thoughts?
>> 
>> -Matthias
>> 
>> 
>> [1] https://github.com/aerogear/aerogear-backend-cookbook/tree/master/Shoot
>> 
>> 
>>  
>> In the end, OAuth2 is just a protocol and
>> should support other servers.
>> 
>> - Should we provide examples for OpenID connect? Or abstractions?
>> 
>> To track this issue, we have the following Jira[3] and another for
>> OpenID connect[4]. Feel free to link to your respective project.
>> 
>> 
>> [1] -
>> http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerogear.2014-10-08-14.00.html
>> 
>> [2] - https://gist.github.com/abstractj/04136c6df85cea5f35d1
>> 
>> [3] - https://issues.jboss.org/browse/AGSEC-180
>> 
>> [4] - https://issues.jboss.org/browse/AGSEC-190
>> --
>> 
>> abstractj
>> PGP: 0x84DC9914
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> 
>> 
>> 
>> -- 
>> Matthias Wessendorf 
>> 
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
> 
> -- 
> Matthias Wessendorf 
> 
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf


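An added sketch, not part of the thread and not Passport's or AeroGear's own code, of the pattern described above: a named strategy ("adapter") plugged into Express-style middleware that guards a REST endpoint. It uses plain JavaScript only; `use`, `authenticate`, `run`, `TOKENS`, `uploadRoute` and the token value are assumptions made for illustration.

```javascript
// Sketch of the strategy-plus-middleware pattern; every name here is hypothetical.
const strategies = new Map();
function use(name, verify) { strategies.set(name, verify); }

// Returns Express-style middleware that runs the named strategy before the route.
function authenticate(name) {
  return (req, res, next) => {
    const verify = strategies.get(name);
    if (!verify) return next(new Error(`unknown strategy: ${name}`));
    verify(req, (err, user) => {
      if (err) return next(err);
      if (!user) { // fail closed: no user means the route handler never runs
        res.statusCode = 401;
        res.setHeader('WWW-Authenticate', 'Bearer');
        return res.end('Unauthorized');
      }
      req.user = user;
      next();
    });
  };
}

// Constructed token table standing in for validation against an OAuth2 server.
const TOKENS = new Map([
  ['constructed-token-abc', { name: 'demo-user', expires: Date.now() + 60000 }],
]);

// The "adapter": extracts a bearer token and maps it to a user, or to false.
use('bearer', (req, done) => {
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(req.headers.authorization || '');
  const rec = m && TOKENS.get(m[1]);
  if (!rec || rec.expires <= Date.now()) return done(null, false);
  done(null, { name: rec.name });
});

// Drives a middleware chain with a fake request so the sketch runs offline.
function run(chain, headers) {
  const req = { headers };
  const res = { statusCode: 200, headers: {}, body: '',
    setHeader(k, v) { this.headers[k] = v; }, end(b) { this.body = b || ''; } };
  let i = 0;
  const next = (err) => {
    if (err) { res.statusCode = 500; return res.end('Internal error'); }
    const fn = chain[i++];
    if (fn) fn(req, res, next);
  };
  next();
  return { status: res.statusCode, body: res.body, challenge: res.headers['WWW-Authenticate'] };
}

// Protected upload endpoint: the filter runs first, the handler only sees req.user.
const uploadRoute = [authenticate('bearer'), (req, res) => res.end(`upload accepted for ${req.user.name}`)];
```
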