Re: Add OAuth support for Shiro

[jleleu <le...@gmail.com>]

Hi Les,

I just commented the SHIRO-119 ticket to present the shiro-oauth module I
created. I also attached the SVN patch and PDF documentation.
I let you review it.
Cheers,
Jérôme


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7288596.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Add OAuth support for Shiro

[jleleu <le...@gmail.com>]

Hi,

I'm glad that we finally add my module as an official extension to support
OAuth in Shiro : https://github.com/bujiio/buji-oauth.
I just updated the documentation.

Any feedback will be greatly appreciated...

Can we imagine doing the same for the CAS support ?

Thanks.
Best regards,
Jérôme


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7577544.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Add OAuth support for Shiro

[jleleu <le...@gmail.com>]

Hi Les,


Thanks for your feedback.

I do understand your concern about minimizing dependencies but for OAuth
client part, I think that it's a good solution.
So I'd like to propose to you a solution : why not split the OAuth module in
two parts ? shiro-oauth-client and shiro-oauth-server modules. As these
modules address very different goals, I wouldn't be surprised to have two
modules. Moreover, I'm not sure that it would be really possible to use the
same library for both usages.


About Scribe and ScribeUP :

I think that Scribe is a great library supporting OAuth 1.0 and 2.0
protocols with many providers. It's higly maintained and always improving.
If you know a better OAuth library, I'll be happy to take a look at it, but
I still believe Scribe is the best one.

But Scribe is "just" about OAuth protocol : authenticating a user is not
sufficient, you certainly want to know who he is : that's where ScribeUP
comes into play : it's built on top of Scribe to get user profile after
OAuth authentication (in a web oriented way). It's a huge work to get
profiles from providers and I spent a lot of time doing this : I didn't find
any library doing something similar. 8 providers (the most "famous" I hope)
are already available through ScribeUP.

When I started to develop OAuth client support for CAS project, the idea
popped out that the user profiles part could exist on its own and can be
reused for other libraries like Shiro. That is how ScribeUP was borned.
Right now, cas-server-support-oauth module 3.5.0 is built on ScribeUP 1.0.0
and the next version will be built on ScribeUP v1.1.0 :
https://wiki.jasig.org/display/CASUM/OAuth.
ScribeUP version 1.0.0 could really be improved and that's what I did in
version 1.1.0, the library is totally abstracted from Scribe and easier to
manipulate and initialize.


I'm not sure to understand the use case you have mind for REST API. Is it
about OAuth *client* support ?
IMHO, it's clear that the most wanted use case for OAuth client support is
the ability to create web applications for Facebook, Twitter... and for
that, my shiro-oauth(-client) module is totally appropriate.
That's exactly what the demo https://github.com/leleuj/scribe-up-shiro-demo
intends to demonstrate.


Thanks.
Best regards,
Jérôme


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7577512.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Add OAuth support for Shiro

[Les Hazlewood <lh...@apache.org>]

Hi Jerome,

It looks pretty good, although I'm not sure we can force a Scribe-Up
dependency on everyone who wants to use OAuth.  IMO, the base OAuth
support module should support a single OAuth 3rd party library and
minimize the number of dependencies.

Perhaps additional oauth extensions (e.g. scribe-up) can be added in
addition to the core OAuth module.

On a side note, one personal frustration I have with Scribe is that it
does not support re-computing the OAuth signature on HTTP Redirects.
This is bad for REST APIs for example, which can often use HTTP
redirects for resource relocation.  There should be a better solution
IMO.

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk

On Sun, Jul 8, 2012 at 5:31 AM, jleleu <le...@gmail.com> wrote:
> Hi,
>
> Did you get some time to look at my OAuth client module for Shiro ?
>
> I am very excited about your feedback and adding OAuth support in Shiro.
>
> Just let me know if I can ease your code review by any means.
>
> Best regards,
> Jérôme
>
>
> --
> View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7577500.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Add OAuth support for Shiro

[jleleu <le...@gmail.com>]

Hi,

Did you get some time to look at my OAuth client module for Shiro ?

I am very excited about your feedback and adding OAuth support in Shiro.

Just let me know if I can ease your code review by any means.

Best regards,
Jérôme


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7577500.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Add OAuth support for Shiro

[Les Hazlewood <lh...@apache.org>]

Cool stuff!  Thanks for sharing Jérôme!

Cheers,

--
Les Hazlewood
CTO, Stormpath | http://stormpath.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://www.stormpath.com/blog


On Wed, May 23, 2012 at 10:15 AM, jleleu <le...@gmail.com> wrote:
> Hi,
>
> I added OAuth client support in Shiro for Windows Live and WordPress
> accounts. I also updated the demo
> (https://github.com/leleuj/scribe-up-shiro-demo).
> Best regards,
> Jérôme
>
>
> --
> View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7573846.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Add OAuth support for Shiro

[jleleu <le...@gmail.com>]

Hi,

I added OAuth client support in Shiro for Windows Live and WordPress
accounts. I also updated the demo
(https://github.com/leleuj/scribe-up-shiro-demo).
Best regards,
Jérôme


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7573846.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Add OAuth support for Shiro

[Les Hazlewood <lh...@apache.org>]

Hi Jérôme,

What you see on Github is a mirror of the Apache subversion repository.
 Apache projects must run on ASF infrastructure.

Cheers,

--
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com> |
888.391.5282
PMC Chair, Apache Shiro | http://shiro.apache.org
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://stormpath.com/blog<http://www.stormpath.com/blog/index>

On Tue, Apr 24, 2012 at 10:44 AM, jleleu <le...@gmail.com> wrote:

> Hi Les,
>
> Great news !
> Don't hesitate to ask me questions or for support : I'll be happy to help
> you.
>
> I saw that Shiro is available through Github :
> https://github.com/apache/shiro.
> Do you plan to use it instead of SVN ? I could create a pull request if
> needed...
> I'm a CAS commiter and CAS project is on Github : it's really easy to
> handle
> new contributions and merge them into the core.
>
> Cheers,
> Jérôme
>
>
> --
> View this message in context:
> http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7496817.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.
>

Re: Add OAuth support for Shiro

[jleleu <le...@gmail.com>]

Hi Les,

Great news !
Don't hesitate to ask me questions or for support : I'll be happy to help
you.

I saw that Shiro is available through Github :
https://github.com/apache/shiro.
Do you plan to use it instead of SVN ? I could create a pull request if
needed...
I'm a CAS commiter and CAS project is on Github : it's really easy to handle
new contributions and merge them into the core.

Cheers,
Jérôme


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7496817.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Add OAuth support for Shiro

[Les Hazlewood <lh...@apache.org>]

Hi Jerome,

This is great - thanks so much for following up.  You're right - OAuth is
pretty important these days, and we should support it natively in Shiro
ASAP.  When I get some breathing room in the next few weeks, I'll see if I
can incorporate your patches into Shiro's trunk (assuming someone else
doesn't beat me to it first!).

Best,

--
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog:
http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>


On Mon, Apr 23, 2012 at 12:19 PM, jleleu <le...@gmail.com> wrote:

> Hi,
>
> Two months ago, I proposed a patch to add OAuth client support to Shiro
> (SHIRO-119) by a new module : shiro-oauth. It was based on the ScribeUP
> (1.0.0) library I created for handling user profile after OAuth
> authentication (https://github.com/leleuj/scribe-up).
>
> I had an initial feedback from Kalle, I created a web app demo :
> https://github.com/leleuj/scribe-up-shiro-demo, gave some answers and
> proposed to create a "login resolver" concept (a bit like the entry point
> in
> Spring security) to manage login urls and avoid creating specific filters
> for OAuth support. But I didn't get any new feedback on this idea. At
> least,
> specific OAuth filters (even if they are inelegant) are not invasive for
> the
> Shiro core.
>
> I believe OAuth is a mainstream protocol and supporting OAuth is a
> must-have
> feature for the Shiro project. I've made enhancements for the version 1.1.0
> of my ScribeUP library. I upgrade the shiro-oauth module to use this new
> version. I update the JIRA ticket SHIRO-119 with my new SVN patch and my
> updated documentation.
>
> I hope that the Shiro community get more interest in the OAuth client
> support I propose.
>
> Thanks.
> Best regards,
> Jérôme
>
>
> --
> View this message in context:
> http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7493004.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.
>

Re: Add OAuth support for Shiro

[jleleu <le...@gmail.com>]

Hi,

Two months ago, I proposed a patch to add OAuth client support to Shiro
(SHIRO-119) by a new module : shiro-oauth. It was based on the ScribeUP
(1.0.0) library I created for handling user profile after OAuth
authentication (https://github.com/leleuj/scribe-up).

I had an initial feedback from Kalle, I created a web app demo :
https://github.com/leleuj/scribe-up-shiro-demo, gave some answers and
proposed to create a "login resolver" concept (a bit like the entry point in
Spring security) to manage login urls and avoid creating specific filters
for OAuth support. But I didn't get any new feedback on this idea. At least,
specific OAuth filters (even if they are inelegant) are not invasive for the
Shiro core.

I believe OAuth is a mainstream protocol and supporting OAuth is a must-have
feature for the Shiro project. I've made enhancements for the version 1.1.0
of my ScribeUP library. I upgrade the shiro-oauth module to use this new
version. I update the JIRA ticket SHIRO-119 with my new SVN patch and my
updated documentation.

I hope that the Shiro community get more interest in the OAuth client
support I propose.

Thanks.
Best regards,
Jérôme


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-tp7240738p7493004.html
Sent from the Shiro Developer mailing list archive at Nabble.com.