Stateless Social Login

10 views
Skip to first unread message

Vincent Ferries

unread,
Jul 8, 2014, 5:48:43 AM7/8/14
to agora...@googlegroups.com
Hi there,

Excuse me if the question seems dumb, but I'm trying to use social authentication for a completely stateless server architecture.

I know the OAuth authentification mecanism is supposed to be stateful. In fact, the only state to memorize on the server side is the mapping to the secret returned by the OAuth provider.
Is there actually a way to bind this information in a statefull bean, or cache or database providing a stateless authentication workflow in Agorava?

I tried but didn't manage to succeed yet.

(I've seen the presumably closed issue on stateless nature in Agorava, but I don't think this problem is really closed yet)

Thanks in advance,

Vincent

Antoine Sabot-Durand

unread,
Jul 10, 2014, 7:45:07 AM7/10/14
to agora...@googlegroups.com
Hi Vincent,


As you mentioned OAuth workflow couldn’t be totally stateless since server should remember the status of client workflow when the browser come back to the Agorava application.

This said, Agorava provides a stateless mode : a mode not tied to Http Session. By changing the OauthSession resolver you can use one of these mode (by using request parameter or a cookie).

Change the resolver in agoravara.propertes to activate the right mode as stated in the getting started doc : http://agorava.org/doc/getting-started/ (check the « choose your OAuthSession resolver » section).

This said, I recommend that you use latest Agorava Snapshot because I corrected a lot of bugs in the resolver engine. you can access the 0.7.1-SNAPSHOT by adding this repo to your maven project pom.xml or your maven settings.xml :

<repository>
          <id>agorava-snapshot-repo</id>
          <name>Agorava Snapshot Repository</name>
          <layout>default</layout>
          <releases>
            <enabled>false</enabled>
          </releases>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
 </repository>

If you can wait a few days I should release next version next week, it’ll include these bug fixing.


Antoine

 



--
You received this message because you are subscribed to the Google Groups "Agorava Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to agorava-dev...@googlegroups.com.
To post to this group, send email to agora...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/agorava-dev/83ec3c34-ac7e-4f3b-bc94-3daf0ae71829%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

signature.asc
Reply all
Reply to author
Forward
0 new messages