[security-dev] Resteasy 3.0-beta-2 released with OAuth2 support
Bill Burke
bburke at redhat.com
Thu Feb 21 09:58:22 EST 2013
I'm not married to where the code lives, but I'm leaning towards it
being a Resteasy project as its something I want to promote and maintain
as a solution in the overall REST architecture.
On 2/20/2013 11:31 AM, Anil Saldhana wrote:
> I will be working with Bill to streamline our OAuth implementation. I
> dont care if OAuth stays in RESTEasy or PicketLink as long as our users
> have support for OAuth from JBoss community.
>
> On 02/20/2013 09:55 AM, Bruno Oliveira wrote:
>> 'kk what's the plan for PicketLink use amber
>> (https://github.com/picketlink/picketlink/tree/master/oauth/src/main/java/org/picketlink/oauth/amber)
>> or Bill's implementation?
>>
>> Or both?
>>
>> --
>> "The measure of a man is what he does with power" - Plato
>> -
>> @abstractj
>> -
>> Volenti Nihil Difficile
>>
>> On Wednesday, February 20, 2013 at 12:26 PM, Anil Saldhana wrote:
>>
>>> Hi Bruno,
>>> I think that is the usecase for implicit grant type in OAuth2. It
>>> is used when the client cannot save any secrets or tokens such as
>>> Javascript applications.
>>>
>>> Regards,
>>> Anil
>>>
>>> On 02/20/2013 05:42 AM, Bruno Oliveira wrote:
>>>> Hi Anil,
>>>>
>>>> Are you thinking in something like this?
>>>> https://developers.google.com/accounts/docs/OAuth2#clientside
>>>>
>>>> If yes, makes sense.
>>>>
>>>>
>>>> --
>>>> "The measure of a man is what he does with power" - Plato
>>>> -
>>>> @abstractj
>>>> -
>>>> Volenti Nihil Difficile
>>>>
>>>> On Tuesday, February 19, 2013 at 11:05 PM, Anil Saldhana wrote:
>>>>
>>>>> I am unsure if "implicit" usecase implies insecure. All it does is
>>>>> avoids the intermediate
>>>>> authorization code grant step. It is useful for Javascript applications
>>>>
>>>
>
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the security-dev
mailing list