Hi team,

I'd like to propose great changes to the OAuth module (cas-server-support-oauth).
So far, this module has two kinds of support: the client one (delegate authentication from the CAS server to an OAuth provider) and the server one (CAS behaves like an OAuth server exposing the "authorization code" flow).

* CLIENT

Regarding the OAuth client support, there are in fact few things in the module (8 classes): everything is indeed in my scribe-up library, a library built on top of Scribe to deal with OAuth authentication and user profile retrieval (~150 classes).

But I have totally rebuilt scribe-up in a new library, pac4j: https://github.com/leleuj/pac4j. It supports not only the OAuth protocol, but also the CAS, OpenID and HTTP protocols (from the client side); more protocols could be added in the future. I also improved the core API to have something simpler, more powerful and unified across all protocols (1 main interface with 3 methods).

So I'd like to replace the current OAuth client support with a cas-server-support-pac4j module based on pac4j to support the CAS/OAuth/OpenID client protocols. Hence, one CAS server could delegate authentication to Facebook, Twitter, myopenid.com or even another regular CAS server...

* SERVER

At that point, we should maybe rename the cas-server-support-oauth module as the cas-server-support-oauth-server module to avoid misunderstandings.

For the OAuth server support, I'd like to:
- leverage the confirmation screen timeout on the web session timeout (not the service ticket timeout): see CAS-1282
- base the returned attributes for the /profile url on the associated service configuration (allowed attributes, anonymous...)

What do you think?

Thanks.
Best regards,
Jérôme