A while back, I had implemented an oauth2 sling authentication handler for a private project. If you have interest in seeing the code I could probably find it again.
I used the scribejava library from [1] to do most of the oauth2 heavy lifting and it seemed to work pretty well for hooking into google/facebook/twitter authentication. And for storage of the secure tokens used between the oauth2 conversations, I used a variation of the TokenStore class (see similar in the sling form auth bundle) to provide the secure token hash implementation/storage used by the OAuthAuthenticationHandler to generate, validate and persist the secure tokens. 1. https://github.com/scribejava/scribejava -Eric Norman On Wed, Jun 6, 2018 at 11:37 AM, Ioan Eugen Stan <[email protected]> wrote: > Hi, > > I think you should store it in memory. Use a hashmap or something. > > Make it work and then optimize. The check should be very fast so don't > worry about it. > > In case you do need to store it, use jcr. > > Always delay optimisations. Caching is an optimization. > > > Eugen Stan > Netdava International > > Mesaj original > De la: [email protected] > Trimis: 6 iunie 2018 21:08 > Către: [email protected] > Răsp. la: [email protected] > Subiect: [Dev][GSoC] Using a cache to store a string value > > Hi all, > > I am implementing OpenID Connect protocol for Sling. First, Sling is > sending an authorization request to Google( OpenID Connect Provider - OP). > This request contains an attribute call state. State is a string object. > > If the authorization is successful Google will send a response with an > authorization code. This response contains the same attribute state. This > state value and the request's state value must be same. Then only we can > validate the response. > > To implement the this, I need to store the first state value somewhere. The > authorization code is valid for like 5 minutes. So the state value is only > needed to be stored for like 5 minutes. Therefore I thought to use a simple > cache for this purpose. > > I would like to get your opinions for this. > > Thank You. > -- > *Hasini Witharana* > Undergraduate | Department of Computer Science and Engineering > University of Moratuwa > Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/> >
