Re: GWT OAuth2 Open Source Release

2016-07-12 Thread Paul Mazzuca
You are correct. The RFC makes the distinction that "dynamically issued credentials such as access tokens or refresh tokens can received an acceptable level of protection" in a native application. However, the lines certainly can be blurred with a Cordova App which is both a user agent based appli

Re: GWT OAuth2 Open Source Release

2016-07-12 Thread Thomas Broyer
It amounts to knowledge by the AS whether this is a confidential or public client. When registering a native app, Google knows that it can only be a public app. When registering a web app, they can assume this will be a confidential client and expect you to keep the secret, well, secret. The AS

Re: GWT OAuth2 Open Source Release

2016-07-12 Thread Paul Mazzuca
After reading some of the docs further, I think some of the confusion stemmed from how Google describes that an Installed App can execute a Authorization Code Flow ( https://developers.google.com/identity/protocols/OAuth2). In this case, the doc suggests that the “process results in a client ID

Re: GWT OAuth2 Open Source Release

2016-07-11 Thread Paul Mazzuca
Thomas, thanks for all the feedback, and thanks again for taking the time. This is exactly what we were hoping for. We will need some time to read through the references you have provided. Once we get through them, I will be sure to respond back in the forum. A couple of points that I think I can

Re: GWT OAuth2 Open Source Release

2016-07-11 Thread Paul Mazzuca
Thanks Gilberto. I think that's a great idea, however I would like to get more feedback and have an opportunity to address key issues first, especially in regards to Thomas Boyer's recent comments. Once we get through those issues and updates, definitely. GWT Material is a fantastic project by

Re: GWT OAuth2 Open Source Release

2016-07-11 Thread Thomas Broyer
There are many many many small things that are either wrong, or inappropriate, or inappropriately described. On Thursday, July 7, 2016 at 1:22:55 AM UTC+2, Paul Mazzuca wrote: > > I thought that it might be a good idea to update the existing GWT-OAuth2 > project from 2011. I know that I have ce

Re: GWT OAuth2 Open Source Release

2016-07-11 Thread Gilberto
Looks amazing Paul! Do you have interest in building a template/example project, covering all the common auth scenarios, in partnership with GWT Material ? I talked with Mark Kevin (the founder of GWT Material) about it and I think we could m

GWT OAuth2 Open Source Release

2016-07-06 Thread Paul Mazzuca
I thought that it might be a good idea to update the existing GWT-OAuth2 project from 2011. I know that I have certainly needed a reliable framework for just about all of my projects, and unfortunately the old one is too out of date for my use cases. Let me know what you think and contributi