[aerogear-dev] Cordova Ouath2 plugin using Google Play Services
Daniel Passos
daniel at passos.me
Wed Feb 25 13:44:28 EST 2015
Hey Brian,
You can. but not necessarily need do that.. You can create your own
workflow.
Just implement your own:
-
OAuth2AuthroizationConfigurationProvider
-
AuthorizationConfiguration
- AuthzModule.java
And let the AuthorizationManager know[1] your new Authz
AuthorizationManager.registerConfigurationProvider(YourNewAuthorizationConfiguration,
new YourNewOAuth2AuthroizationConfigurationProvider)
[1]
https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthorizationManager.java#L37-L41
-- Passos
On Wed, Feb 25, 2015 at 3:30 PM, Brian Leathem <bleathem at gmail.com> wrote:
> ... and the devil is in the details.
>
> It seems as though all the current AuzthzModules use an http based
> approach to requesting an Oauth2 token. I see this being done in
> OAuth2WebFragmentFetchAutorization#doAuthorization method, where an
> OAuthWebViewDialog is used to trigger the Oauth2 token request.
>
> To use Google Play services to trigger an Oauth2 token request, we won't
> use an http approach, but rather we start an activity to select an account
> and request an Oauth2 token. Once the token is retrieved it can then be
> used with the standard http Oauth2 API.
>
> (One caveat: the google play services token response doesn't provide a
> refresh token. I believe this to be a non-issue as the token request
> process is trivial when using google play services (no authentication
> step)).
>
> I see to ways to implement this feature:
>
> 1) Generalize the OAuth2WebFragmentFetchAutorization into an interface,
> and have one implementation to handle http-based token requests, and second
> implementation to handle intent-based token requests.
>
> 2) Add a OAuth2AuthorizationConfiguration option to use intents instead of
> http, and trigger a different workflow within the
> OAuth2WebFragmentFetchAutorization#doAuthorization method if that config is
> set.
>
> My preference is for 2) because it's a) simpler, and b) it is really only
> during the #doAuthorization method that we have a different approach.
>
> Thoughts? I'll start with implementing approach (2) unless I hear
> otherwise.
>
> Brian
>
>
> On 2015-02-24 07:25 PM, Matthias Wessendorf wrote:
>
>
>
> On Wednesday, February 25, 2015, Daniel Passos <daniel at passos.me> wrote:
>
>> No, we are not using Google Play services API for now for OAuth2 in
>> Android land.
>>
>> But feel free create a new AuthzModule[1] for it ;)
>>
>
> +1
>
>
>>
>> [1]
>> https://github.com/aerogear/aerogear-android-authz/blob/master/aerogear-android-authz/src/main/java/org/jboss/aerogear/android/authorization/AuthzModule.java
>>
>> -- Passos
>>
>>
>> On Tue, Feb 24, 2015 at 4:01 PM, Sebastien Blanc <scm.blanc at gmail.com>
>> wrote:
>>
>>> Cool stuff Brian !
>>> The AeroGear OAuth2 Cordova plugin relies on the Native AeroGear OAuth2
>>> Libraries, so maybe Summers and/or Daniel could tell more about it.
>>> Sebi
>>>
>>>
>>> On Tue, Feb 24, 2015 at 7:46 PM, Brian Leathem <bleathem at gmail.com>
>>> wrote:
>>>
>>>> Hey gear-heads,
>>>>
>>>> I recently wrote a Cordova plugin that retrieves a Oauth2 token on
>>>> Android using Google Play Services. The advantage of this approach is
>>>> it leverages the single-sign-on capabilities of android, and the app can
>>>> retrieve the Oauth2 token without requiring Authentication from the
>>>> user. I blogged about it here:
>>>>
>>>> http://www.bleathem.ca/blog/2015/02/cordova-oauth-google-services.html
>>>>
>>>> Using a promise-based API it's fairly trivial to fallback to a
>>>> traditional Web authentication/authorisation for the Oauth2 token when
>>>> the google-play-services approach isn't supported.
>>>>
>>>> I'm aware the aerogear team has a Oauth2 cordova plugin [1], but it's
>>>> not clear to me if the google-play-services integration is supported.
>>>> If the Aerogeam would find it useful, I'd be more than happy to provide
>>>> a PR to the aerogear cordova plugin providing such integration.
>>>>
>>>> Thoughts?
>>>> Brian
>>>>
>>>> [1]
>>>>
>>>> http://staging-aerogearsite.rhcloud.com/docs/specs/aerogear-cordova/OAuth2.html
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>
> --
> Sent from Gmail Mobile
>
>
> _______________________________________________
> aerogear-dev mailing listaerogear-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150225/0103f065/attachment.html
More information about the aerogear-dev
mailing list