On 22/01/13 18:58, Craig McClanahan wrote:
On Tue, Jan 22, 2013 at 9:10 AM, Sergey Beryozkin <[email protected]> wrote:
Yes, the only limitation in CXF at the moment is that it does it with a
sequence of forms, whereas you'd like to have a single form asking for both
authentication credentials and the authorization approval/denial in the
same/single view - obviously a presentation builder would need to know
somehow of the authentication scheme supported by AS.
I need to think a bit more about it.
Thanks, Sergey
At the end of the day, what I'm trying to do is set up a "mock" version of
Salesforce, including a couple of dummy services, for the purposes of
exercising our OAuth client code against something easy to set up in a CI
environment. I was delighted to see that I might not have to implement all
the server side logic, but need to figure out a way around this one.
I'll experiment with the way Salesforce does it; I might just add a
property to AS that will let users configure it to accept
unauthenticated requests in which case it will set a flag for the
presentation layer to know it needs to offer an authentication option
alongside the authorization data - the way things are done now, it is
completely up to the security layer how to collect the authentication
credentials, but I guess when it is well known that say Basic Auth is
used then this composite presentation option is also possible, I'll look
into it.
BTW, do you know of any open sourced sample apps that use the OAuth 2
stuff? It's always interesting to learn from how other people have used it.
Apache Oltu (formerly Amber) may be of help too, there are few
differences in the way OAuth2 is implemented there, but check them out
please too - there could be some relevant demos
Cheers, Sergey
Craig