Has anyone made a lib/plugin for this SSO/OAuth-type stuff


Warner Onstine

Jun 4, 2011, 3:24:17 PM
to grails-startup...@googlegroups.com
Ok, here's what I'm thinking of doing for my application:
- I will need to be able to provide access to my web application
through iPhone/Android (and possibly other platforms)
- Want to do this through REST api calls

I've been using UserVoice, which has something similar:
http://developer.uservoice.com/docs/single-sign-on-how-to

Basically what you have is this:
api key
account key

then you construct a login (from an authenticated player) with:
player id
player name
expiration date
etc.

Then you encrypt this whole package and send it back to UserVoice
whenever they want to leave feedback so that they are authenticated
through our app and UserVoice uses those credentials.

What I was thinking was something like this:
- User logs in using iPhone
- It sends auth request
- app returns an auth key
- iPhone constructs requests and sends them in the JSON object
(probably encrypted like the above) for the server to decrypt

What I'm curious about is:
a) has someone already written some lib like this
b) if not, would this be a valuable plugin for other grails devs to use

Thanks!

-warner

Pete Doyle

Jun 4, 2011, 6:14:41 PM
to grails-startup...@googlegroups.com
Hi Warner,
I understand what UserVoice is doing: asking for the user's detail on each request so they don't need to have user accounts in their system (for Single Sign-On).

At first glance, I'm guessing that's maybe not what you want?

It looks like you'll have a mobile app which will be connecting to your own API. If so, it might make more sense to store the user details in your web app. I'm currently doing this via Spring Security. Each API request from my mobile app authenticates against Spring Security, then I can just call springSecurityService.getCurrentUser() to get the user's details (vs. sending them in each request).

I'm currently using basic auth (over HTTPS), but it'd be better to use OAuth (2.0). Unfortunately, I don't think there are any plugins for Grails yet. I think there's the start of one here:
https://github.com/grails-plugins/grails-spring-security-oauth-provider

Finishing the Grails plugin might end up being pretty easy since there's already a Spring Security module for OAuth 2.0:
http://static.springsource.org/spring-security/oauth/oauth2.html

To answer your question, yes, it'd be *very* valuable to have a nice OAuth 2.0 (Provider) plugin.  I'd be happy to work a bit on that (I need it myself), though I'm not quite sure where to start yet.

Thanks,
Pete




Warner Onstine

Jun 4, 2011, 11:30:39 PM
to grails-startup...@googlegroups.com
On Sat, Jun 4, 2011 at 3:14 PM, Pete Doyle <pete...@gmail.com> wrote:
> Hi Warner,
> I understand what UserVoice is doing: asking for the user's detail on each
> request so they don't need to have user accounts in their system (for Single
> Sign-On).
> At first glance, I'm guessing that's maybe not what you want?
> It looks like you'll have a mobile app which will be connecting to your own
> API. If so, it might make more sense to store the user details in your web app.
> I'm currently doing this via Spring Security. Each API request from my
> mobile app authenticates against Spring Security, then I can just call
> springSecurityService.getCurrentUser() to get the user's details (vs.
> sending them in each request).

Yes, I was more interested in the idea of using tokens to authenticate
so that authentication could happen once (or weekly) rather than
trying to authenticate each time.

> I'm currently using basic auth (over HTTPS), but it'd be better to use OAuth
> (2.0).  Unfortunately, I don't think there are any plugins for Grails yet.
>  I think there's the start of one here:
> https://github.com/grails-plugins/grails-spring-security-oauth-provider
> Finishing the Grails plugin might end up being pretty easy since there's
> already a Spring Security module for OAuth 2.0:
> http://static.springsource.org/spring-security/oauth/oauth2.html
> To answer your question, yes, it'd be *very* valuable to have a nice OAuth
> 2.0 (Provider) plugin.  I'd be happy to work a bit on that (I need it
> myself), though I'm not quite sure where to start yet.

Cool! Will have a look at those in the next few weeks. Thank you for
the links; they should be helpful.

-warner
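
Added example, not part of the thread and not code from any Grails plugin: a Groovy sketch of the token idea discussed above, where the server issues an encrypted, expiring token (user id, name, expiration) after login and checks it on each API call. The class `AuthToken`, its method names, the use of AES-GCM and all sample values are assumptions for illustration.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.security.GeneralSecurityException
import java.security.SecureRandom

// Hypothetical helper, not a Grails or Spring Security class.
class AuthToken {
    static final SecureRandom RNG = new SecureRandom()
    // Called once after a successful login; the client stores the result.
    static String issue(byte[] key, long userId, String name, long ttlSeconds, long now) {
        byte[] iv = new byte[12]
        RNG.nextBytes(iv)                               // fresh nonce for every token
        Cipher c = Cipher.getInstance('AES/GCM/NoPadding')
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, 'AES'), new GCMParameterSpec(128, iv))
        String claims = JsonOutput.toJson([uid: userId, name: name, exp: now + ttlSeconds])
        byte[] ct = c.doFinal(claims.getBytes('UTF-8')) // ciphertext followed by 16-byte tag
        byte[] out = new byte[iv.length + ct.length]
        System.arraycopy(iv, 0, out, 0, iv.length)
        System.arraycopy(ct, 0, out, iv.length, ct.length)
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out)
    }

    // Returns the claims map, or null if the token is malformed, altered or expired.
    static Map verify(byte[] key, String token, long now) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(token)
            if (raw.length < 12 + 16) return null       // shorter than nonce + tag
            Cipher c = Cipher.getInstance('AES/GCM/NoPadding')
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, 'AES'), new GCMParameterSpec(128, raw, 0, 12))
            byte[] pt = c.doFinal(raw, 12, raw.length - 12) // throws if the tag does not match
            Map claims = (Map) new JsonSlurper().parseText(new String(pt, 'UTF-8'))
            return ((claims.exp as long) > now) ? claims : null
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null
        }
    }
}

// Constructed sample values: random server-side key, fixed clock, one-week lifetime.
byte[] key = new byte[16]; new SecureRandom().nextBytes(key)
long now = 1307230000L
String token = AuthToken.issue(key, 42L, 'sample-player', 7 * 24 * 3600L, now)
assert AuthToken.verify(key, token, now).uid == 42
assert AuthToken.verify(key, token, now + 8 * 24 * 3600L) == null  // past expiration
String tampered = (token[0] == 'A' ? 'B' : 'A') + token.substring(1)
assert AuthToken.verify(key, tampered, now) == null                // altered token
```

The key stays on the server, so the mobile client treats the token as opaque and sends it over HTTPS with each request.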
