I did an Oauth2 consumer (specifically Facebook) integration for Tynamo/Tapestry apps (see http://tynamo.org/tynamo-federatedaccounts+guide) that uses Shiro as the underlying security framework. The problem with plain Shiro handling Oauth is with processing the callbacks since Shiro isn't a web framework and pretty quickly you want to customize the interaction, layout etc. in your webapp. My thinking was that I'll just do several provider and protocol integrations first within the tynamo-federatedaccounts module, then perhaps come back and generalize some of the federatedaccounts interfaces and flow for Shiro, to make it all a bit more standardized.
Kalle On Mon, Apr 4, 2011 at 12:43 PM, Jared Bunting <[email protected]> wrote: > I did some work on using amber to do the resource provider part of oauth > 2. There's really not much to it though - and with oauth 2 being > unfinished... > > The more interesting part of oauth is the token aquisition but i'm not > really sure that shiro is the right place for that. I might spend some > time this week looking at that but would also welcome any help or input. > > -Jared > > Les Hazlewood <[email protected]> wrote: > > Hi Tauren, > > I've been mucking with OpenId support using the OpenId4J library. It > is currently in trunk as a new 'openid4j' support module. It is not > entirely finished yet - the attribute exchange stuff has just been > finished, and I think all that is left is to create a Filter that can > process response messages from the OpenId provider. > > Please take a look at trunk and let me know what you think! > Feedback/suggestions welcome! > > I haven't done any work on OAuth however. If anyone has any > contributions for this, it'd be great! > > Cheers, > > -- > Les Hazlewood > Founder, Katasoft, Inc. > Application Security Products & Professional Apache Shiro Support and > Training: > http://www.katasoft.com > > On Sun, Apr 3, 2011 at 12:18 AM, Tauren Mills <[email protected]> wrote: >> I'm fleshing out a roadmap for my web service. I'd like to eventually > allow >> users to login via OpenID. Further down the road, I'd like 3rd party > apps to >> be able to be built on my REST services, so having OAuth support would > be >> nice. I've looked at the Jira issues for both of these, which were > created a >> long time ago. However, I noticed both issues have recent activity. >> So I was hoping someone involved might share a little about what > activity is >> taking place and what we might expect in the future. For instance, what >> kinds of features are planned, a rough idea of when it might be > integrated >> into shiro (weeks, months, years), and anything else that might pertain. >> Thanks! >> Tauren > >
