Rahul, Thanks for detailed proposal, I gone thru all the details. No changes in the current auth system, and achieving token based authentication looks a good idea to me.
Agree on all the details provided and will try to participate in the reviewing the design/implementation. +1. Rishi Solanki Manager, Enterprise Software Development HotWax Systems Pvt. Ltd. Direct: +91-9893287847 http://www.hotwaxsystems.com On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux < jacques.le.r...@les7arts.com> wrote: > We (I was then working with ilscipio) did something like that for a > client, and I agree it's the way to go. > > I mean that I agree with "We are not going to implement the Token Based > Authentication process at low level. Behind the scenes, we will be using > the current work flow as is" > > Disclaimer: I did not look into all details. Also we planned to use OpenId > but eventually the Token Based Authentication we used was specific and > proprietary to the client (this remembered me > http://markmail.org/message/7vtjvjomneimspvl) > > Jacques > > > > Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit : > >> Hello All, >> Recently felt the need of Token Based Authentication process in Apache >> OfBiz while using OfBiz's business process offerings with standalone >> clients like Mobile Apps, Angular JS based apps running outside Apache >> OfBiz etc. >> >> What currently we are having in OfBiz is session based authentication >> process which is *stateful*. But while dealing with the independently >> running remote clients stateful authentication is not gonna work as we >> will >> not be using *server-browser session* anymore in those cases. >> >> Following are the initial draft & supporting documents to proceed further: >> >> - Token Based Authentication in Apache OfBiz >> < >> https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv >> > >> - Token Based Authentication >> < >> https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4 >> > >> - JSON Web Tokens >> < >> https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit >> > >> - IETF's (Internet Engineering Task Force) Documentation for JSON Web >> Tokens >> < >> https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1 >> > >> >> I would like to propose a requirement to implement this in OfBiz, & invite >> you all to provide valuable inputs to conclude the requirements & >> implementation plans. >> >> Thanks and Regards >> *Rahul Bhooteshwar* >> Enterprise Software Engineer >> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in >> innovative enterprise commerce solutions **powered by Apache OFBiz.* >> >> >