CXF, OAuth2 and social login

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CXF, OAuth2 and social login

Vassilis Virvilis-3
Hi,

I am looking in CXF support for OAuth2 support in general and social logins in particular. See http://cxf.apache.org/docs/jax-rs-oauth2.html

 From the docs it is not immediately evident if the OAuth2 support has been written with the "social login" workflow in mind. There is of course http://cxf.apache.org/docs/jax-rs-oauth2.html#JAX-RSOAuth2-ThirdPartyClientAuthentication but it still feels to me like the "I want to create and own OAuth2 server" case.

Is CXF supposed be used for such a task or should give up on CXF and use something else such as:

1) Apache Oltu: https://oltu.apache.org/
minus: Doesn't look very vibrant: https://mail-archives.apache.org/mod_mbox/oltu-dev/201801.mbox/%3CA760F1A0-A0C2-4039-B6FA-87320722DFAB%40adobe.com%3E

2) Google https://developers.google.com/api-client-library/java/google-oauth-java-client/oauth2
minus: I have already the CXF framework in place. Why use another framewrok?

3) Spring: https://geowarin.github.io/social-login-with-spring.html
minus: It's spring

4) Other: https://github.com/3pillarlabs/socialauth

Any suggestions are welcome.
Reply | Threaded
Open this post in threaded view
|

Re: CXF, OAuth2 and social login

Sergey Beryozkin
Administrator
Hi

I'm assuming you are mainly interested in making your web application
acting as OpenIdConnect client or RP, i.e, a user who is about to access
this web application needs to authenticated first against Google/etc ?

CXF offers quite a decent support for it, I'd recommend to experiment
with jaxrs_big_query and also jaxrs/basic_oidc, and also check
http://cxf.apache.org/docs/jax-rs-oidc.html

HTH, Sergey

On 12/02/18 10:11, Vassilis Virvilis wrote:

> Hi,
>
> I am looking in CXF support for OAuth2 support in general and social
> logins in particular. See http://cxf.apache.org/docs/jax-rs-oauth2.html
>
>  From the docs it is not immediately evident if the OAuth2 support has
> been written with the "social login" workflow in mind. There is of
> course
> http://cxf.apache.org/docs/jax-rs-oauth2.html#JAX-RSOAuth2-ThirdPartyClientAuthentication 
> but it still feels to me like the "I want to create and own OAuth2
> server" case.
>
> Is CXF supposed be used for such a task or should give up on CXF and use
> something else such as:
>
> 1) Apache Oltu: https://oltu.apache.org/
> minus: Doesn't look very vibrant:
> https://mail-archives.apache.org/mod_mbox/oltu-dev/201801.mbox/%3CA760F1A0-A0C2-4039-B6FA-87320722DFAB%40adobe.com%3E 
>
>
> 2) Google
> https://developers.google.com/api-client-library/java/google-oauth-java-client/oauth2 
>
> minus: I have already the CXF framework in place. Why use another
> framewrok?
>
> 3) Spring: https://geowarin.github.io/social-login-with-spring.html
> minus: It's spring
>
> 4) Other: https://github.com/3pillarlabs/socialauth
>
> Any suggestions are welcome.

Reply | Threaded
Open this post in threaded view
|

Re: CXF, OAuth2 and social login

Vassilis Virvilis-3
Hi Sergey,

Thanks for the quick replay.

Yes your assumption is correct.

Thank you for the pointer. I wasn't aware of that. Certainly looks interesting and more inline with my requirements. I will investigate further as my preference is to use CXF.

I did my search and I didn't hit oidc before. Funny... Maybe CXF pages could use some SEO love.

Thanks again

     Vassilis

On 02/12/2018 12:58 PM, Sergey Beryozkin wrote:

> Hi
>
> I'm assuming you are mainly interested in making your web application acting as OpenIdConnect client or RP, i.e, a user who is about to access this web application needs to authenticated first against Google/etc ?
>
> CXF offers quite a decent support for it, I'd recommend to experiment with jaxrs_big_query and also jaxrs/basic_oidc, and also check
> http://cxf.apache.org/docs/jax-rs-oidc.html
>
> HTH, Sergey
>
> On 12/02/18 10:11, Vassilis Virvilis wrote:
>> Hi,
>>
>> I am looking in CXF support for OAuth2 support in general and social logins in particular. See http://cxf.apache.org/docs/jax-rs-oauth2.html
>>
>> ¬†From the docs it is not immediately evident if the OAuth2 support has been written with the "social login" workflow in mind. There is of course http://cxf.apache.org/docs/jax-rs-oauth2.html#JAX-RSOAuth2-ThirdPartyClientAuthentication but it still feels to me like the "I want to create and own OAuth2 server" case.
>>
>> Is CXF supposed be used for such a task or should give up on CXF and use something else such as:
>>
>> 1) Apache Oltu: https://oltu.apache.org/
>> minus: Doesn't look very vibrant: https://mail-archives.apache.org/mod_mbox/oltu-dev/201801.mbox/%3CA760F1A0-A0C2-4039-B6FA-87320722DFAB%40adobe.com%3E
>>
>> 2) Google https://developers.google.com/api-client-library/java/google-oauth-java-client/oauth2
>> minus: I have already the CXF framework in place. Why use another framewrok?
>>
>> 3) Spring: https://geowarin.github.io/social-login-with-spring.html
>> minus: It's spring
>>
>> 4) Other: https://github.com/3pillarlabs/socialauth
>>
>> Any suggestions are welcome.
>
>