Posted to dev@ofbiz.apache.org by Rahul Bhooteshwar <ra...@hotwaxsystems.com> on 2016/06/18 13:01:50 UTC

Token Based Authentication with Apache OfBiz

Hello All,
Recently I felt the need for a Token Based Authentication process in Apache
OfBiz while using OfBiz's business process offerings with standalone
clients like Mobile Apps, Angular JS based apps running outside Apache
OfBiz etc.

What we currently have in OfBiz is a session based authentication
process, which is *stateful*. But while dealing with independently
running remote clients, stateful authentication is not gonna work, as we will
not be using a *server-browser session* anymore in those cases.

Following are the initial draft & supporting documents to proceed further:

   - Token Based Authentication in Apache OfBiz
   <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
   - Token Based Authentication
   <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
   - JSON Web Tokens
   <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
   - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
   Tokens
   <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>

I would like to propose a requirement to implement this in OfBiz, & invite
you all to provide valuable inputs to conclude the requirements &
implementation plans.

Thanks and Regards
*Rahul Bhooteshwar*
Enterprise Software Engineer
HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
innovative enterprise commerce solutions **powered by Apache OFBiz.*

Re: Token Based Authentication with Apache OfBiz

Posted by Deepak Dixit <de...@hotwaxsystems.com>.
Hi Jacques,


I am also working on a JWT (JSON Web Token) mechanism. I'll share the JWT
design and detail.
Sorry for the late reply.
Here is the ticket for this work:
https://issues.apache.org/jira/browse/OFBIZ-9833

We can discuss more on the ticket.


Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com
www.hotwax.co

On Thu, Oct 5, 2017 at 1:49 AM, Jacques Le Roux <
jacques.le.roux@les7arts.com> wrote:

> Hi Rahul,
>
> Did you finally implement this? If yes could you contribute or share?
>
> I'm currently working on such a solution and would prefer to share before
> contributing my own
>
> Jacques
>
>
> On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
>
>> Hello All,
>> Recently felt the need of Token Based Authentication process in Apache
>> OfBiz while using OfBiz's business process offerings with standalone
>> clients like Mobile Apps, Angular JS based apps running outside Apache
>> OfBiz etc.
>>
>> What currently we are having in OfBiz is session based authentication
>> process which is *stateful*. But while dealing with the independently
>> running remote clients stateful authentication is not gonna work as we
>> will
>> not be using *server-browser session* anymore in those cases.
>>
>> Following are the initial draft & supporting documents to proceed further:
>>
>>     - Token Based Authentication in Apache OfBiz
>>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>     - Token Based Authentication
>>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>     - JSON Web Tokens
>>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>>     - IETF's (Internet Engineering Task Force) Documentation for JSON Web
>>     Tokens
>>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>>
>> I would like to propose a requirement to implement this in OfBiz, & invite
>> you all to provide valuable inputs to conclude the requirements &
>> implementation plans.
>>
>> Thanks and Regards
>> *Rahul Bhooteshwar*
>> Enterprise Software Engineer
>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>
>>
>

Re: Token Based Authentication with Apache OfBiz

Posted by Jacques Le Roux <ja...@les7arts.com>.
Thanks for feedback Rishi

Jacques


On 09/10/2017 at 16:33, Rishi Solanki wrote:
> Jacques,
>
> I think you can go with your solution, as no updates on this since long.
>
> Rishi Solanki
> Sr Manager, Enterprise Software Development
> HotWax Systems Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxsystems.com
> www.hotwax.co
>
> On Thu, Oct 5, 2017 at 1:49 AM, Jacques Le Roux <
> jacques.le.roux@les7arts.com> wrote:
>
>> Hi Rahul,
>>
>> Did you finally implement this? If yes could you contribute or share?
>>
>> I'm currently working on such a solution and would prefer to share before
>> contributing my own
>>
>> Jacques
>>
>>
>> On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
>>
>>> Hello All,
>>> Recently felt the need of Token Based Authentication process in Apache
>>> OfBiz while using OfBiz's business process offerings with standalone
>>> clients like Mobile Apps, Angular JS based apps running outside Apache
>>> OfBiz etc.
>>>
>>> What currently we are having in OfBiz is session based authentication
>>> process which is *stateful*. But while dealing with the independently
>>> running remote clients stateful authentication is not gonna work as we
>>> will
>>> not be using *server-browser session* anymore in those cases.
>>>
>>> Following are the initial draft & supporting documents to proceed further:
>>>
>>>      - Token Based Authentication in Apache OfBiz
>>>      <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>>      - Token Based Authentication
>>>      <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>>      - JSON Web Tokens
>>>      <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>>>      - IETF's (Internet Engineering Task Force) Documentation for JSON Web
>>>      Tokens
>>>      <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>>>
>>> I would like to propose a requirement to implement this in OfBiz, & invite
>>> you all to provide valuable inputs to conclude the requirements &
>>> implementation plans.
>>>
>>> Thanks and Regards
>>> *Rahul Bhooteshwar*
>>> Enterprise Software Engineer
>>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>>
>>>


Re: Token Based Authentication with Apache OfBiz

Posted by Rishi Solanki <ri...@gmail.com>.
Jacques,

I think you can go with your solution, as there have been no updates on this for a long time.

Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co

On Thu, Oct 5, 2017 at 1:49 AM, Jacques Le Roux <
jacques.le.roux@les7arts.com> wrote:

> Hi Rahul,
>
> Did you finally implement this? If yes could you contribute or share?
>
> I'm currently working on such a solution and would prefer to share before
> contributing my own
>
> Jacques
>
>
> On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
>
>> Hello All,
>> Recently felt the need of Token Based Authentication process in Apache
>> OfBiz while using OfBiz's business process offerings with standalone
>> clients like Mobile Apps, Angular JS based apps running outside Apache
>> OfBiz etc.
>>
>> What currently we are having in OfBiz is session based authentication
>> process which is *stateful*. But while dealing with the independently
>> running remote clients stateful authentication is not gonna work as we
>> will
>> not be using *server-browser session* anymore in those cases.
>>
>> Following are the initial draft & supporting documents to proceed further:
>>
>>     - Token Based Authentication in Apache OfBiz
>>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>     - Token Based Authentication
>>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>     - JSON Web Tokens
>>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>>     - IETF's (Internet Engineering Task Force) Documentation for JSON Web
>>     Tokens
>>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>>
>> I would like to propose a requirement to implement this in OfBiz, & invite
>> you all to provide valuable inputs to conclude the requirements &
>> implementation plans.
>>
>> Thanks and Regards
>> *Rahul Bhooteshwar*
>> Enterprise Software Engineer
>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>
>>
>

Re: Token Based Authentication with Apache OfBiz

Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Rahul,

Did you finally implement this? If yes could you contribute or share?

I'm currently working on such a solution and would prefer to share before contributing my own

Jacques


On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
> Hello All,
> Recently felt the need of Token Based Authentication process in Apache
> OfBiz while using OfBiz's business process offerings with standalone
> clients like Mobile Apps, Angular JS based apps running outside Apache
> OfBiz etc.
>
> What currently we are having in OfBiz is session based authentication
> process which is *stateful*. But while dealing with the independently
> running remote clients stateful authentication is not gonna work as we will
> not be using *server-browser session* anymore in those cases.
>
> Following are the initial draft & supporting documents to proceed further:
>
>     - Token Based Authentication in Apache OfBiz
>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>     - Token Based Authentication
>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>     - JSON Web Tokens
>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>     - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
>     Tokens
>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>
> I would like to propose a requirement to implement this in OfBiz, & invite
> you all to provide valuable inputs to conclude the requirements &
> implementation plans.
>
> Thanks and Regards
> *Rahul Bhooteshwar*
> Enterprise Software Engineer
> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>


Re: Token Based Authentication with Apache OfBiz

Posted by gregory draperi <gr...@gmail.com>.
Hi Jacques,

Okay, so I misunderstood the goal. You can forget what I said :)
Still the article is really interesting :)

Cheers,

Gregory

2016-07-23 12:55 GMT+02:00 Jacques Le Roux <ja...@les7arts.com>:

> HI Gregory,
>
> If I'm not mistaken (I'll not do it) the idea is indeed to use tokens for
> one time authentication, but to then use OFBiz current work flow for the
> rest (ie handling sessions)
>
> Quoting below: "Behind the scenes, we will be using the current work flow
> as is"
>
> This is also what we did with the project I spoke about.
>
> Thanks for the article!
>
> Jacques
>
>
>
> On 22/07/2016 at 15:53, gregory draperi wrote:
>
>> Hi guys,
>>
>> JSON web tokens are suitable for one time authentication between parties
>> but they have important drawbacks if they are used as a session mechanism
>> (how to store them, not possible to invalidate one...)
>>
>> There is a nice article on this:
>> http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
>>
>> Best wishes,
>>
>> Gregory
>>
>>
>>
>> 2016-07-13 13:19 GMT+02:00 Rishi Solanki <ri...@gmail.com>:
>>
>>> Rahul,
>>>
>>> Thanks for detailed proposal, I gone thru all the details. No changes in
>>> the current auth system, and achieving token based authentication looks a
>>> good idea to me.
>>>
>>> Agree on all the details provided and will try to participate in the
>>> reviewing the design/implementation.
>>>
>>>
>>> +1.
>>>
>>>
>>> Rishi Solanki
>>> Manager, Enterprise Software Development
>>> HotWax Systems Pvt. Ltd.
>>> Direct: +91-9893287847
>>> http://www.hotwaxsystems.com
>>>
>>> On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
>>> jacques.le.roux@les7arts.com> wrote:
>>>
>>>> We (I was then working with ilscipio) did something like that for a
>>>> client, and I agree it's the way to go.
>>>>
>>>> I mean that I agree with "We are not going to implement the Token Based
>>>> Authentication process at low level. Behind the scenes, we will be using
>>>> the current work flow as is"
>>>>
>>>> Disclaimer: I did not look into all details. Also we planned to use OpenId
>>>> but eventually the Token Based Authentication we used was specific and
>>>> proprietary to the client (this remembered me
>>>> http://markmail.org/message/7vtjvjomneimspvl)
>>>>
>>>> Jacques
>>>>
>>>>
>>>>
>>>> On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
>>>>
>>>>> Hello All,
>>>>> Recently felt the need of Token Based Authentication process in Apache
>>>>> OfBiz while using OfBiz's business process offerings with standalone
>>>>> clients like Mobile Apps, Angular JS based apps running outside Apache
>>>>> OfBiz etc.
>>>>>
>>>>> What currently we are having in OfBiz is session based authentication
>>>>> process which is *stateful*. But while dealing with the independently
>>>>> running remote clients stateful authentication is not gonna work as we
>>>>> will
>>>>> not be using *server-browser session* anymore in those cases.
>>>>>
>>>>> Following are the initial draft & supporting documents to proceed further:
>>>>>
>>>>>      - Token Based Authentication in Apache OfBiz
>>>>>      <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>>>>      - Token Based Authentication
>>>>>      <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>>>>      - JSON Web Tokens
>>>>>      <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>>>>>      - IETF's (Internet Engineering Task Force) Documentation for JSON Web
>>>>>      Tokens
>>>>>      <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>>>>>
>>>>> I would like to propose a requirement to implement this in OfBiz, & invite
>>>>> you all to provide valuable inputs to conclude the requirements &
>>>>> implementation plans.
>>>>>
>>>>> Thanks and Regards
>>>>> *Rahul Bhooteshwar*
>>>>> Enterprise Software Engineer
>>>>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>>>>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>>>>
>>>>>
>>>>>
>>
>>
>


-- 
Grégory Draperi

Re: Token Based Authentication with Apache OfBiz

Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Gregory,

If I'm not mistaken (I'll not do it) the idea is indeed to use tokens for one time authentication, but to then use OFBiz current work flow for the rest (i.e. handling sessions)

Quoting below: "Behind the scenes, we will be using the current work flow as is"

This is also what we did with the project I spoke about.

Thanks for the article!

Jacques


On 22/07/2016 at 15:53, gregory draperi wrote:
> Hi guys,
>
> JSON web tokens are suitable for one time authentication between parties
> but they have important drawbacks if they are used as a session mechanism
> (how to store them, not possible to invalidate one...)
>
> There is a nice article on this:
> http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
>
> Best wishes,
>
> Gregory
>
>
>
> 2016-07-13 13:19 GMT+02:00 Rishi Solanki <ri...@gmail.com>:
>
>> Rahul,
>>
>> Thanks for detailed proposal, I gone thru all the details. No changes in
>> the current auth system, and achieving token based authentication looks a
>> good idea to me.
>>
>> Agree on all the details provided and will try to participate in the
>> reviewing the design/implementation.
>>
>>
>> +1.
>>
>>
>> Rishi Solanki
>> Manager, Enterprise Software Development
>> HotWax Systems Pvt. Ltd.
>> Direct: +91-9893287847
>> http://www.hotwaxsystems.com
>>
>> On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
>> jacques.le.roux@les7arts.com> wrote:
>>
>>> We (I was then working with ilscipio) did something like that for a
>>> client, and I agree it's the way to go.
>>>
>>> I mean that I agree with "We are not going to implement the Token Based
>>> Authentication process at low level. Behind the scenes, we will be using
>>> the current work flow as is"
>>>
>>> Disclaimer: I did not look into all details. Also we planned to use OpenId
>>> but eventually the Token Based Authentication we used was specific and
>>> proprietary to the client (this remembered me
>>> http://markmail.org/message/7vtjvjomneimspvl)
>>>
>>> Jacques
>>>
>>>
>>>
>>> On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
>>>
>>>> Hello All,
>>>> Recently felt the need of Token Based Authentication process in Apache
>>>> OfBiz while using OfBiz's business process offerings with standalone
>>>> clients like Mobile Apps, Angular JS based apps running outside Apache
>>>> OfBiz etc.
>>>>
>>>> What currently we are having in OfBiz is session based authentication
>>>> process which is *stateful*. But while dealing with the independently
>>>> running remote clients stateful authentication is not gonna work as we
>>>> will
>>>> not be using *server-browser session* anymore in those cases.
>>>>
>>>> Following are the initial draft & supporting documents to proceed further:
>>>>
>>>>      - Token Based Authentication in Apache OfBiz
>>>>      <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>>>      - Token Based Authentication
>>>>      <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>>>      - JSON Web Tokens
>>>>      <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>>>>      - IETF's (Internet Engineering Task Force) Documentation for JSON Web
>>>>      Tokens
>>>>      <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>>>>
>>>> I would like to propose a requirement to implement this in OfBiz, & invite
>>>> you all to provide valuable inputs to conclude the requirements &
>>>> implementation plans.
>>>>
>>>> Thanks and Regards
>>>> *Rahul Bhooteshwar*
>>>> Enterprise Software Engineer
>>>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>>>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>>>
>>>>
>
>
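
Added example (not part of the thread and not OFBiz code): the design discussed in the message above, where a signed token is accepted once and then exchanged for an ordinary server-side session that can be revoked. The HS256 key, the function names and the SessionStore class are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Constructed demo key; a real deployment would load this from protected config.
SECRET = b"constructed-demo-key"

class TokenError(Exception):
    pass

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_login_token(user_id: str, now: int, ttl: int = 60) -> str:
    """Short-lived HS256 JWT with a unique jti, meant to be presented once."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user_id, "iat": now, "exp": now + ttl,
              "jti": secrets.token_hex(16)}
    signing_input = ".".join(_b64url(json.dumps(part).encode())
                             for part in (header, claims))
    return signing_input + "." + _b64url(_sign(signing_input))

def verify_login_token(token: str, now: int) -> dict:
    """Check structure, pinned algorithm, signature and expiry; return claims."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:
        raise TokenError("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected algorithm")
    if not hmac.compare_digest(_sign(f"{head_b64}.{body_b64}"), signature):
        raise TokenError("bad signature")
    try:
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError as exc:
        raise TokenError("malformed token") from exc
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        raise TokenError("missing exp")
    if now >= claims["exp"]:
        raise TokenError("token expired")
    if not claims.get("sub") or not claims.get("jti"):
        raise TokenError("missing sub or jti")
    return claims

class SessionStore:
    """Server-side sessions (the stateful part that stays as it is)."""
    def __init__(self):
        self._sessions = {}   # session id -> user id
        self._used_jti = {}   # jti -> exp; entries can be pruned once exp passes

    def login_with_token(self, token: str, now: int) -> str:
        claims = verify_login_token(token, now)
        if claims["jti"] in self._used_jti:
            raise TokenError("token already used")
        self._used_jti[claims["jti"]] = claims["exp"]
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = claims["sub"]
        return session_id

    def user_for(self, session_id: str):
        return self._sessions.get(session_id)

    def logout(self, session_id: str) -> None:
        # Revocation is a dictionary delete; the signed token cannot be recalled.
        self._sessions.pop(session_id, None)
```

After logout the session lookup fails immediately, while the token itself still verifies until its exp passes, which is why it is kept short-lived and single-use here.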


Re: Token Based Authentication with Apache OfBiz

Posted by gregory draperi <gr...@gmail.com>.
Hi guys,

JSON web tokens are suitable for one time authentication between parties
but they have important drawbacks if they are used as a session mechanism
(how to store them, not possible to invalidate one...)

There is a nice article on this:
http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/

Best wishes,

Gregory



2016-07-13 13:19 GMT+02:00 Rishi Solanki <ri...@gmail.com>:

> Rahul,
>
> Thanks for detailed proposal, I gone thru all the details. No changes in
> the current auth system, and achieving token based authentication looks a
> good idea to me.
>
> Agree on all the details provided and will try to participate in the
> reviewing the design/implementation.
>
>
> +1.
>
>
> Rishi Solanki
> Manager, Enterprise Software Development
> HotWax Systems Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxsystems.com
>
> On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
> jacques.le.roux@les7arts.com> wrote:
>
> > We (I was then working with ilscipio) did something like that for a
> > client, and I agree it's the way to go.
> >
> > I mean that I agree with "We are not going to implement the Token Based
> > Authentication process at low level. Behind the scenes, we will be using
> > the current work flow as is"
> >
> > Disclaimer: I did not look into all details. Also we planned to use OpenId
> > but eventually the Token Based Authentication we used was specific and
> > proprietary to the client (this remembered me
> > http://markmail.org/message/7vtjvjomneimspvl)
> >
> > Jacques
> >
> >
> >
> > On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
> >
> >> Hello All,
> >> Recently felt the need of Token Based Authentication process in Apache
> >> OfBiz while using OfBiz's business process offerings with standalone
> >> clients like Mobile Apps, Angular JS based apps running outside Apache
> >> OfBiz etc.
> >>
> >> What currently we are having in OfBiz is session based authentication
> >> process which is *stateful*. But while dealing with the independently
> >> running remote clients stateful authentication is not gonna work as we
> >> will
> >> not be using *server-browser session* anymore in those cases.
> >>
> >> Following are the initial draft & supporting documents to proceed further:
> >>
> >>     - Token Based Authentication in Apache OfBiz
> >>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
> >>     - Token Based Authentication
> >>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
> >>     - JSON Web Tokens
> >>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
> >>     - IETF's (Internet Engineering Task Force) Documentation for JSON Web
> >>     Tokens
> >>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
> >>
> >> I would like to propose a requirement to implement this in OfBiz, & invite
> >> you all to provide valuable inputs to conclude the requirements &
> >> implementation plans.
> >>
> >> Thanks and Regards
> >> *Rahul Bhooteshwar*
> >> Enterprise Software Engineer
> >> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
> >> innovative enterprise commerce solutions **powered by Apache OFBiz.*
> >>
> >>
> >
>



-- 
Grégory Draperi

Re: Token Based Authentication with Apache OfBiz

Posted by Rishi Solanki <ri...@gmail.com>.
Rahul,

Thanks for the detailed proposal, I went through all the details. No changes in
the current auth system, and achieving token based authentication looks like a
good idea to me.

Agree on all the details provided and will try to participate in
reviewing the design/implementation.


+1.


Rishi Solanki
Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com

On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
jacques.le.roux@les7arts.com> wrote:

> We (I was then working with ilscipio) did something like that for a
> client, and I agree it's the way to go.
>
> I mean that I agree with "We are not going to implement the Token Based
> Authentication process at low level. Behind the scenes, we will be using
> the current work flow as is"
>
> Disclaimer: I did not look into all details. Also we planned to use OpenId
> but eventually the Token Based Authentication we used was specific and
> proprietary to the client (this remembered me
> http://markmail.org/message/7vtjvjomneimspvl)
>
> Jacques
>
>
>
> On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
>
>> Hello All,
>> Recently felt the need of Token Based Authentication process in Apache
>> OfBiz while using OfBiz's business process offerings with standalone
>> clients like Mobile Apps, Angular JS based apps running outside Apache
>> OfBiz etc.
>>
>> What currently we are having in OfBiz is session based authentication
>> process which is *stateful*. But while dealing with the independently
>> running remote clients stateful authentication is not gonna work as we
>> will
>> not be using *server-browser session* anymore in those cases.
>>
>> Following are the initial draft & supporting documents to proceed further:
>>
>>     - Token Based Authentication in Apache OfBiz
>>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>     - Token Based Authentication
>>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>     - JSON Web Tokens
>>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>>     - IETF's (Internet Engineering Task Force) Documentation for JSON Web
>>     Tokens
>>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>>
>> I would like to propose a requirement to implement this in OfBiz, & invite
>> you all to provide valuable inputs to conclude the requirements &
>> implementation plans.
>>
>> Thanks and Regards
>> *Rahul Bhooteshwar*
>> Enterprise Software Engineer
>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>
>>
>

Re: Token Based Authentication with Apache OfBiz

Posted by Jacques Le Roux <ja...@les7arts.com>.
We (I was then working with ilscipio) did something like that for a client, and I agree it's the way to go.

I mean that I agree with "We are not going to implement the Token Based Authentication process at low level. Behind the scenes, we will be using the current work flow as is"

Disclaimer: I did not look into all details. Also we planned to use OpenId but eventually the Token Based Authentication we used was specific and proprietary to the client (this reminded me of http://markmail.org/message/7vtjvjomneimspvl)

Jacques


On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
> Hello All,
> Recently felt the need of Token Based Authentication process in Apache
> OfBiz while using OfBiz's business process offerings with standalone
> clients like Mobile Apps, Angular JS based apps running outside Apache
> OfBiz etc.
>
> What currently we are having in OfBiz is session based authentication
> process which is *stateful*. But while dealing with the independently
> running remote clients stateful authentication is not gonna work as we will
> not be using *server-browser session* anymore in those cases.
>
> Following are the initial draft & supporting documents to proceed further:
>
>     - Token Based Authentication in Apache OfBiz
>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>     - Token Based Authentication
>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>     - JSON Web Tokens
>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>     - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
>     Tokens
>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>
> I would like to propose a requirement to implement this in OfBiz, & invite
> you all to provide valuable inputs to conclude the requirements &
> implementation plans.
>
> Thanks and Regards
> *Rahul Bhooteshwar*
> Enterprise Software Engineer
> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>