[security-dev] IDM Use Case : Registering OAuth2 Applications

Shane Bryzak sbryzak at redhat.com
Wed Nov 14 17:15:04 EST 2012


I think this might be something that we would model parallel to the IDM 
identity model.

On 11/15/2012 07:46 AM, Anil Saldhana wrote:
> It has a different meaning I think. Not sure. See below.
>
> This is how it is in layman terms:
>
> Twitter is the OAuth2 provider.  Tweetdeck, hootsuite,twitter mobile app
> etc are registered applications at Twitter developer site.
> They get a consumer key and a secret from twitter to identify them.
>
> On thinking further, I am wondering maybe we can model this as a
> TwitterRegisteredApplicationsRealm under which we register application(s).
>
>
> On 11/14/2012 03:29 PM, Shane Bryzak wrote:
>> Is Application in this instance synonymous with the Application that
>> we've been discussing the last couple of days?  Or does it have a
>> different meaning?
>>
>> On 11/15/2012 06:56 AM, Anil Saldhana wrote:
>>> Shane/Pedro,
>>>       what do you think about this issue?  There is no real user involved.
>>> It is the registration of an OAuth2 mobile/desktop
>>> application at the provider.
>>>
>>> Regards,
>>> Anil
>>>
>>> On 11/08/2012 08:41 AM, Anil Saldhana wrote:
>>>> This use case is primarily for OAuth2 style interactions.  There is a
>>>> need to register a OAuth2 application at the OAuth2 provider (such as
>>>> Facebook, Twitter etc).
>>>>
>>>> The registration of the application is very similar to a User.
>>>> https://github.com/picketlink/picketlink/blob/master/oauth/src/main/java/org/picketlink/oauth/registration/RegistrationEndpoint.java
>>>>
>>>> The method register()  has me using IDM User API to register a Client
>>>> Application with clientname and using attributes for redirect_url and
>>>> description and stuff.
>>>>
>>>> How do we modify the IDM API for Application registration?
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev



More information about the security-dev mailing list