Hi Romain,

that makes sense, supporting the authorization code can be optional, note the providers can support only all non-redirection based grants or the code grants too, ex, JCacheOAuthDataProvider and JCacheCodeDataProvider.


I suppose the real challenge is how to auth the users (OAuth2 clients) at the /token level. For ex, in Fediz OIDC we'd connect to Syncope via CXF STS, with Syncope covering all the possible user storages.

Cheers, Sergey

On 13/01/17 13:05, Romain Manni-Bucau wrote:
Hi Sergey

Le 13 janv. 2017 12:25, "Sergey Beryozkin" <sberyoz...@gmail.com> a écrit :

Hi Romain

Thanks for sharing the links, looks interesting.

How do you plan to support the authorization_code grants ?


Not yet checked but guess we ll add the endpoints and probably a flag to
activate it or not.

What do you see as more challenging then /token?



Cheers, Sergey


On 12/01/17 16:19, Romain Manni-Bucau wrote:

Hi guys,

Apache Meecrowave (sub project of OpenWebBeans) got some days ago an
experimental oauth2 module. It is "just" CXF oauth2 code setup as a runtime
and not a library.

I see it as an opportunity to make our both communities working more
closely, enhancing this feature to make it as close as possible as the
customers/users needs.

The snapshot doc (which is for now very light and mainly generated) is
available at
http://openwebbeans.staging.apache.org/meecrowave/meecrowave-oauth2/

Don't heistate to let us know what you think about it.

PS: for people not reading docs here is the right url
http://svn.apache.org/repos/asf/openwebbeans/meecrowave/trun
k/meecrowave-oauth2/
;)

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibuca
u> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>





--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Reply via email to