Re: [Architecture] [IAM] public SPA client app JS approach

2018-08-15 Thread Chinthaka Senanayaka 
Hi all,

PR #69  was sent to OpenID
Foundation's (OIDF) AppAuth-JS code to fix a bug and it was closed saying
the PR code will be unnecessary because of the future intended code
changes. But this bug is an blocking issue for the OIDC flow. Thus further
discussion was carried out and CLA (Contribution License Agreement) was
filled and sent to get our code fixes merged.

Further approach changes discussed internally is to have 3 libraries as
extensions to the AppAuth-JS to have OIDC logout, PKCE and userInfo. This
may be given to OIDF. Currently coding for these 3 libraries are done in
the wso2is-client wrapper app, and in future we have to get that coding in
to those 3 libraries. Once OIDF contributor membership is taken we will
follow up on this.


On Fri, Aug 10, 2018 at 10:47 AM, Chinthaka Senanayaka 
wrote:

> + Sagara, Ruwan and Rohan
>
> Sorry, your reply's text is not clear and it shows one line on top of
> another line. May be a Gmail bug.
>
> Answer to your question: We will not continue editing AppAuth-JS lib. Thus
> we will have an extension library to AppAuth-JS with logout, PKCE, userInfo
> functionalities. But this is subjected to discussion because maintenance of
> this extension library is also a concern.
>
>
> On Fri, Aug 10, 2018 at 9:57 AM, Chinthaka Senanayaka  > wrote:
>
>> Hi Dakshika,
>>
>> Yes, as per them even logout and most of the other parts of OIDC spec are
>> not in their architectural roadmap.
>>
>> On Thu, Aug 9, 2018 at 11:52 PM, Dakshika Jayathilaka 
>> wrote:
>>
>>> Hi Chinthaka,
>>>
>>> Seems AppAuth-JS closed the PR without merging.
>>>
>>> https://github.com/openid/AppAuth-JS/pull/67#issuecomment-411537622
>>>
>>>
>>>
>>>
>>>
>>> Is that possible to implement without forking the base lib?
>>>
>>> Regards,
>>>
>>> *Dakshika Jayathilaka*
>>> PMC Member & Committer of Apache Stratos
>>> Associate Technical Lead
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>> 0771100911
>>>
>>>
>>> On Mon, Jul 30, 2018 at 2:29 PM Chinthaka Senanayaka <
>>> chintha...@wso2.com> wrote:
>>>
 Hi all,

 I am writing a wrapper library (JS node module) to hide complexities of
 integrating public client apps with OIDC flows (implicit and auth with
 PKCE) with WSO2 IS.

 We selected AppAuth-JS library 
 as base OIDC library and will wrap this with our library (named as
 wso2is-client). And this is the only library we could find which supports
 implicit and PKCE flows in a maintainable way.

 Below sequence diagrams depict our approach.



 With this, we can give the public client app developer an easy way to
 integrate with WSO2 IS OIDC flows.

 Limitations of the AppAuth-Js library:
 1. For now we will use browser redirection based authentication only
 since AppAuth-JS library supports only that (no popup and iframe
 approaches).
 2. At the same time, AppAuth-JS library uses Jquery base Ajax requests.
 Thus we have to follow that as well.

 Besides, we will send a PR to Google's AppAuth-JS library
  with some supporting features
 and our library code PR will also be available for review. And we welcome
 for any improvement points made by you in architecture level as well as
 coding level.

 Anyway, if you have any comments for us to improve, please reply.

 Furthermore, there will be some sample apps to show how to integrate
 wso2is-client node module library and documentations as well.

 --
 Thanks,
 Chinthaka Senanayaka
 Technical Lead - Engineering | WSO2

 Email: chintha...@wso2.com
 Mobile: +94 77 11 99 603
 Web: http://wso2.com

 [image: http://wso2.com/signature] 

>>>
>>
>>
>> --
>> Thanks,
>> Chinthaka Senanayaka
>> Technical Lead - Engineering | WSO2
>>
>> Email: chintha...@wso2.com
>> Mobile: +94 77 11 99 603
>> Web: http://wso2.com
>>
>> [image: http://wso2.com/signature] 
>>
>
>
>
> --
> Thanks,
> Chinthaka Senanayaka
> Mobile: +94 77 11 99 603
>



-- 
Thanks,
Chinthaka Senanayaka
Technical Lead - Engineering | WSO2

Email: chintha...@wso2.com
Mobile: +94 77 11 99 603
Web: http://wso2.com

[image: http://wso2.com/signature] 
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [IAM] public SPA client app JS approach

2018-08-09 Thread Dakshika Jayathilaka 
Hi Chinthaka,

Seems AppAuth-JS closed the PR without merging.

https://github.com/openid/AppAuth-JS/pull/67#issuecomment-411537622





Is that possible to implement without forking the base lib?

Regards,

*Dakshika Jayathilaka*
PMC Member & Committer of Apache Stratos
Associate Technical Lead
WSO2, Inc.
lean.enterprise.middleware
0771100911


On Mon, Jul 30, 2018 at 2:29 PM Chinthaka Senanayaka 
wrote:

> Hi all,
>
> I am writing a wrapper library (JS node module) to hide complexities of
> integrating public client apps with OIDC flows (implicit and auth with
> PKCE) with WSO2 IS.
>
> We selected AppAuth-JS library  as
> base OIDC library and will wrap this with our library (named as
> wso2is-client). And this is the only library we could find which supports
> implicit and PKCE flows in a maintainable way.
>
> Below sequence diagrams depict our approach.
>
>
>
> With this, we can give the public client app developer an easy way to
> integrate with WSO2 IS OIDC flows.
>
> Limitations of the AppAuth-Js library:
> 1. For now we will use browser redirection based authentication only since
> AppAuth-JS library supports only that (no popup and iframe approaches).
> 2. At the same time, AppAuth-JS library uses Jquery base Ajax requests.
> Thus we have to follow that as well.
>
> Besides, we will send a PR to Google's AppAuth-JS library
>  with some supporting features and
> our library code PR will also be available for review. And we welcome for
> any improvement points made by you in architecture level as well as coding
> level.
>
> Anyway, if you have any comments for us to improve, please reply.
>
> Furthermore, there will be some sample apps to show how to integrate
> wso2is-client node module library and documentations as well.
>
> --
> Thanks,
> Chinthaka Senanayaka
> Technical Lead - Engineering | WSO2
>
> Email: chintha...@wso2.com
> Mobile: +94 77 11 99 603
> Web: http://wso2.com
>
> [image: http://wso2.com/signature] 
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture