[security-dev] Resteasy 3.0-beta-2 released with OAuth2 support
Anil Saldhana
Anil.Saldhana at redhat.com
Wed Feb 20 11:31:55 EST 2013
I will be working with Bill to streamline our OAuth implementation. I
dont care if OAuth stays in RESTEasy or PicketLink as long as our users
have support for OAuth from JBoss community.
On 02/20/2013 09:55 AM, Bruno Oliveira wrote:
> 'kk what's the plan for PicketLink use amber
> (https://github.com/picketlink/picketlink/tree/master/oauth/src/main/java/org/picketlink/oauth/amber)
> or Bill's implementation?
>
> Or both?
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Wednesday, February 20, 2013 at 12:26 PM, Anil Saldhana wrote:
>
>> Hi Bruno,
>> I think that is the usecase for implicit grant type in OAuth2. It
>> is used when the client cannot save any secrets or tokens such as
>> Javascript applications.
>>
>> Regards,
>> Anil
>>
>> On 02/20/2013 05:42 AM, Bruno Oliveira wrote:
>>> Hi Anil,
>>>
>>> Are you thinking in something like this?
>>> https://developers.google.com/accounts/docs/OAuth2#clientside
>>>
>>> If yes, makes sense.
>>>
>>>
>>> --
>>> "The measure of a man is what he does with power" - Plato
>>> -
>>> @abstractj
>>> -
>>> Volenti Nihil Difficile
>>>
>>> On Tuesday, February 19, 2013 at 11:05 PM, Anil Saldhana wrote:
>>>
>>>> I am unsure if "implicit" usecase implies insecure. All it does is
>>>> avoids the intermediate
>>>> authorization code grant step. It is useful for Javascript applications
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/security-dev/attachments/20130220/61e39c6b/attachment.html
More information about the security-dev
mailing list