Return-Path: X-Original-To: apmail-oltu-user-archive@www.apache.org Delivered-To: apmail-oltu-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C2F0C10D6C for ; Mon, 18 Nov 2013 12:26:06 +0000 (UTC) Received: (qmail 78024 invoked by uid 500); 18 Nov 2013 12:26:06 -0000 Delivered-To: apmail-oltu-user-archive@oltu.apache.org Received: (qmail 77941 invoked by uid 500); 18 Nov 2013 12:26:01 -0000 Mailing-List: contact user-help@oltu.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@oltu.apache.org Delivered-To: mailing list user@oltu.apache.org Received: (qmail 77901 invoked by uid 99); 18 Nov 2013 12:25:58 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Nov 2013 12:25:58 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of lumus.sensus@gmail.com designates 209.85.128.194 as permitted sender) Received: from [209.85.128.194] (HELO mail-ve0-f194.google.com) (209.85.128.194) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Nov 2013 12:25:53 +0000 Received: by mail-ve0-f194.google.com with SMTP id jw12so34355veb.5 for ; Mon, 18 Nov 2013 04:25:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=LxIgZ9kxkJXn5q284xMP9qOaf8pC+ea5nd7U1ITDDpE=; b=H8ajaunsHx9jQGvwwYoFjheHJv2/sQa/1pkn0Ck+Q6nTx5tLVo+9x7Fs8IAzkqh1+C 7eGX5dvVrVTldHXF6sIPWOFfata20ectL3EsQbK0rt5nwRql9uyHQZK1ixW2oxfrdKsA OadEuSAMl8Jg9Ifqb2ATtqVafXOMqW34a3ueF8LjL8RE68Y/D+hyWPmyqFeXsn0hGLka 9BJODw1IoTugdM1D231+F0BKaWzLz6tUXQhYiIADFSoAsjAj3GcPqlYDBTIEZ+0USJmG 2gJfCCMl6XeOry0BoZklEddLb6HLcySc6PJ9M40Yx7vrziG7HsGpQKcwd/xSkubymrgF KydQ== MIME-Version: 1.0 X-Received: by 10.52.187.138 with SMTP id fs10mr12508557vdc.10.1384777532703; Mon, 18 Nov 2013 04:25:32 -0800 (PST) Received: by 10.58.19.105 with HTTP; Mon, 18 Nov 2013 04:25:32 -0800 (PST) Date: Mon, 18 Nov 2013 12:25:32 +0000 Message-ID: Subject: Oltu - getting started From: Lumus Sensus To: user@oltu.apache.org Content-Type: multipart/alternative; boundary=bcaec548a385ee0e4c04eb72a4f8 X-Virus-Checked: Checked by ClamAV on apache.org --bcaec548a385ee0e4c04eb72a4f8 Content-Type: text/plain; charset=ISO-8859-1 Hello, I am very interested in using this project for oauth, intially using the authorization code grant and client credentials flows. However, I'm a bit stuck on what exactly this project can do and am hoping that someone can help. I have some specific queries if anyone can answer any of them please: 1) Does the code provide an authorization server that authenticates the resource owner? From what I can tell, there is an assumption that the RO has already been authenticated and has an active session. Is there is also an assumption that the AS is the same server as the resource server? If this is the case, does the project provide any means to validate the access token either on the RS or the RS making a call to the AS with the token (as many oauth2 solutions are doing with a userinfo endpoint from OIDC)? 2) How is this project deployed? Is the parent project exported as a library containing the sub-projects or does one build and deploy each separate project depending on their needs? Any detail would be appreciated. 3) What in the project is stub code that needs to be completed and is there guidance on how this might be done in the context of the API? 4) General guidance on what is provided and what is missing or intended to be provided by the consumer of this project. 5) How does this project differ to the Spring OAuth2 framework? I appreciate there are a lot of questions here, I can only offer that I would be willing to update the documentation in way of thanks if I make some progress. Thanks, Lumus --bcaec548a385ee0e4c04eb72a4f8 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hello,
I am very interested in using this project for oauth, intially = using the authorization code grant and client credentials flows.

However, I'm a bit stuck on what exactly this project can do and am hop= ing that someone can help.

I have some specific queries if an= yone can answer any of them please:

1) Does the code provide a= n authorization server that authenticates the resource owner? From what I c= an tell, there is an assumption that the RO has already been authenticated = and has an active session. Is there is also an assumption that the AS is th= e same server as the resource server? If this is the case, does the project= provide any means to validate the access token either on the RS or the RS = making a call to the AS with the token (as many oauth2 solutions are doing = with a userinfo endpoint from OIDC)?

2) How is this project deployed? Is the parent project exported a= s a library containing the sub-projects or does one build and deploy each s= eparate project depending on their needs? Any detail would be appreciated.<= br>
3) What in the project is stub code that needs to be completed an= d is there guidance on how this might be done in the context of the API?
4) General guidance on what is provided and what is missing or i= ntended to be provided by the consumer of this project.

5) How does this project differ to the Spring OAuth2 framework?
I appreciate there are a lot of questions here, I can only= offer that I would be willing to update the documentation in way of thanks= if I make some progress.

Thanks,
Lumus



--bcaec548a385ee0e4c04eb72a4f8--