Clojure OAuth Libraries - oauth

There are a number of Clojure libraries available for OAuth, but not all providers and protocols are supported. What are the Clojure library options for OAuth and which providers do they support, especially OAuth 2?

You have a couple of options. The standard recommendation would likely be Chas Emerick's friend (https://github.com/cemerick/friend) which packs most of the options you're likely to be interested in, and which a number of other libraries build upon.
There are also somewhat more contained libraries like clauth (https://github.com/pelle/clauth) which specifically target OAuth 2 but don't aim to solve your security needs in a comprehensive fashion.

Related

Can I use AEM as OAuth 2.0 client?

Does Adobe Experience Manager support OAuth 2.0 as a client? I mean AEM connecting with an external application which plays a role of authorization server and resource provider.
I could not find any examples of such usage - AEM is usually presented as an authorization server and resource provider for other client applications.
AEM provides a number of authorization integrations. Maybe you can switch to SAML, which works pretty well out-of-the-box. I once integrated AEM with Keycloak with good results (but using SAML).
Regarding OAuth, most documentation is dominated by AEM as an OAuth provider. They integrated Apache Oltu (which is end-of-life anyway).
But AEM provides an OAuth client as well. It needs a custom extension for each provider, though. Out of the box, only implementations for Twitter and Facebook are available. But GitHub and IMS (Identity Management from Adobe Managed Services) also seem to be available.
Please also check Package Share. But I don't know what is available there. And you probably need support from Adobe to judge the quality and usefulness of such packages.
If you have to implement your own Provider-Extension, the best starting point I found was here:
https://aemcorner.com/adobe-granite-oauth-authentication-handler/
You are basically free to build whatever you want, as AEM is basically nothing else but a Java application. But you might want to keep in mind that the standard applications of AEM are delivering rendered HTML from the dispatcher in the end. You want to have as little load on the publishers as possible.
So, when authorisation of resources is a technical or business concern, you might need to dive deeper into SPAs or at least async loading of resources as JSON.

Securing Rest APIs

I have two sets of REST APIs used for the same application, developed on two different frameworks.
One on Spring Boot, secured using OAuth 2. The second set of APIs is developed on the Jooby microframework for REST APIs.
Since the services on Jooby are not secure, how can I do that, so that both sets of APIs are secured?
The login is working in conjunction with the Spring Boot app and OAuth 2.0, and the same user credentials should be used for the Jooby APIs as well. Does it make sense to put some sort of gateway common to both sets of APIs?
Well, security is a broad topic, and frameworks implement security guidelines and support when becoming mature. Even though I don't have any prior experience with Jooby, after referring to their documents I found a couple of support libraries and extensions.
Moreover, you can follow this great GitHub repo as a checklist and implement what is relevant to your context.
If you can provide more implementation details about your login, I can give a more specific answer. But it seems a common gateway isn't really necessary and you can use authentication credentials such as tokens directly with your Jooby APIs as well. See pac4j, which is listed under the Jooby documents.

Creating third party API on a Plone site using OAuth2?

We might want to create a third party API to access our Plone CMS site data. One of the possible methods to share the user privileges in third party systems is OAuth2, as used by Twitter, Tumblr and Facebook. This way the third party gains the user privileges after the user clicks "Allow" in the dialog for accessing one's data.
Are there any existing solutions where Plone acts as an OAuth2 host (not sure about the terminology)?
What other options might there be for this use case?
I am not in a rush, this is 2014 planning :)
As far as I know pmr2.oauth is the only package (disclosure: I also wrote this) that provides OAuth provider support for Plone (i.e. this lets Plone act as an "OAuth host", including support for scope so as to let users know what they are allowing, like Twitter et al.). There is another package that I briefly looked at called wsgioauth, but it is a fairly general package and it's for WSGI, so I ended up building my own package (and it looks like wsgioauth hasn't been maintained for 3 years now).
Currently it only supports OAuth 1.0; the reason for that is that at the time of development there were no good OAuth 2.0 libraries, especially for providers. Only recently has support for RFC 6749 (the actual OAuth 2.0 standard) begun to surface through oauthlib, which is the library that does the signing of requests for pmr2.oauth. That said, hopefully I have it written in a way that is modular enough to plug in support for OAuth 2.0, or at least the core is easy enough to be modified to include support for this. I would be more than happy to have the Plone community take it and improve on it (or even fork it off, or anyone knowledgeable in this area) as I don't have any immediate plans to include support for OAuth 2.0 yet.

Any pointers on implementing an OAuth server on DNN?

I need to build an ecosystem of online tools (these tools are on various platforms like Moodle, Website Baker, ASP.NET, PHP, etc.; some already built, some purchased from other vendors and some to be built), where I want the end user to have a single login.
These tools, standalone, have their own login mechanism in place at the moment.
I am planning to build a central system on DNN where users register, and this system exposes an OAuth service that other systems use to authenticate users against.
I am considering DNN (DotNetNuke) platform for the following reasons:
1. I am an ASP.NET developer and familiar to some extent with DNN (not a whole lot, but enough to know that it has the concept of providers and modules that I can customize as per my needs).
2. I will need a shopping cart and a registration system, for which I am hoping to get some ready-made third party solution.
WHAT I NEED INPUTS ON:
Is there some DNN component out there already that exposes OAuth authentication from a DNN site? I am looking to implement something similar to what Google has implemented for its OAuth interface.
If I understand you correctly, what you are trying to build is called 3-legged authentication with OAuth, where you want DotNetNuke to be the provider. In order to do that in DotNetNuke, you need to provide a UI where consumers can register and get an AppId and consumerKey. Once that is done, the consumer will send the user to DotNetNuke for login. DotNetNuke will validate the user and return the appropriate information to the consumer.
Here are some things that can help you:
DotNetOAuth library
OAuth website
http://code.google.com/p/extremeswankoauth/wiki/Server_Examples
http://www.cleancode.co.nz/blog/523/oauth-dot-net
Example OAuth implementation in Java
Let me know if you need more help.
I don't know if it is the best way to accomplish the solution, but it was what I did.
There's a code sample of DotNetOpenAuth here which uses OAuth to authenticate users. You will probably see that there are more examples, and even newer ones, but pay attention, because if you are using the last version of DNN (7.x), it works using the .NET Framework 4 and the newer samples use 4.5. So, take a look at the first example! The ASP.NET handler called OAuth.ashx is your OAuth service provider.
Then, I built a DNN module based on the sample to make DNN work as an OAuth service.
I followed this guide to build the module. There are some videos which show the basics of module development.

.NET OAuth library specifically designed to work against Twitter

Is there a .NET OAuth library specifically designed to work against Twitter? Maybe even something to support MVC? A base controller maybe.....
I am currently using DotNetOpenAuth; it works well enough but seems overkill, in some places too complex and, based on the documentation, more focused on OpenID.
Yes, several in fact. LinqToTwitter and TweetSharp are both free .NET libraries for calling into Twitter. DotNetOpenAuth has a longer history in OpenID than OAuth, but OAuth is very much a first class scenario for DotNetOpenAuth. That said, DotNetOpenAuth is strictly a protocol-level library, so higher-level libraries make calling Twitter much easier and I would highly recommend one of those.
