Return-Path: X-Original-To: apmail-cxf-dev-archive@www.apache.org Delivered-To: apmail-cxf-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BBDD0106AB for ; Mon, 3 Mar 2014 10:28:04 +0000 (UTC) Received: (qmail 58424 invoked by uid 500); 3 Mar 2014 10:28:02 -0000 Delivered-To: apmail-cxf-dev-archive@cxf.apache.org Received: (qmail 56947 invoked by uid 500); 3 Mar 2014 10:27:54 -0000 Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list dev@cxf.apache.org Received: (qmail 56099 invoked by uid 99); 3 Mar 2014 10:27:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Mar 2014 10:27:50 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sberyozkin@gmail.com designates 74.125.83.47 as permitted sender) Received: from [74.125.83.47] (HELO mail-ee0-f47.google.com) (74.125.83.47) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Mar 2014 10:27:43 +0000 Received: by mail-ee0-f47.google.com with SMTP id b15so1122431eek.6 for ; Mon, 03 Mar 2014 02:27:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=dUZqaz4oZXqxb+ddQLbltQZMNQWgs5QyyTyda/3izoo=; b=cJDQTlxam+AKNww1mkc7ixd2U5w4+4OjtdcChUpivJ0JuOWxdad5PDG5eu+XeTFzWo +oCY+b1u9TuBiEo2qX+kEDYnsd0NUKrDjikJxV7elIG7UrmlOnlEHqe8Hx8Jrhenfjr/ u9yRsJdUT9y9Fi62vg5aJ13pLlcdy2wgBSEpAUmpvniIepBDq8DWT9hnWyTBvrlWQKwq GWwF+Lq2NCMTKZcz8jTobTx47OQmdz7wqfMg1vtJmTu3bU8PdYylm2R77XT+A1FBnYfc staCqM+7LPxGKICIuogbjqj8G+5Yd4bEbo2UVvYFPNYwN5HGA/5wjD/Y3wVrGtv/yrWU WH+g== X-Received: by 10.204.246.8 with SMTP id lw8mr98288bkb.66.1393842442465; Mon, 03 Mar 2014 02:27:22 -0800 (PST) Received: from [10.36.226.2] ([80.169.137.42]) by mx.google.com with ESMTPSA id yt4sm9179788bkb.7.2014.03.03.02.27.20 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 03 Mar 2014 02:27:21 -0800 (PST) Message-ID: <53145907.3030402@gmail.com> Date: Mon, 03 Mar 2014 10:27:19 +0000 From: Sergey Beryozkin User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: dev@cxf.apache.org Subject: Re: OpenId Connect References: <53121BF0.1090401@hoegernet.de> In-Reply-To: <53121BF0.1090401@hoegernet.de> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Hi Thorsten On 01/03/14 17:42, Thorsten H�ger wrote: > Hi, > > are there plans to support OpenId Connect (Server/Client) as extension to OAuth2 in CXF? > Yes. Right now, the immediate priority is to support JWT wrapped as CXF ServerAccessToken, and the JWT assertions grant. Next, offer the JAX-RS services support for the client registration and token management. OpenId Connect will be next (possibly some prototyping will start after the JWT support is done). I'm not sure right now in what form it will be supported, may be some of it will be done as part of Fediz, but I think at the very least CXF OAuth2 endpoints should be able to work with the OpenId Connect aware infrastructure... Do you have any particular integration requirements ? What is it that attracts you in OpenId-Connect most ? Cheers, Sergey > Regards, > Thorsten >