shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalle Korhonen (Commented) (JIRA)" <>
Subject [jira] [Commented] (SHIRO-119) Oauth support
Date Thu, 16 Feb 2012 04:22:59 GMT


Kalle Korhonen commented on SHIRO-119:

I applaud the efforts Jérôme. This issue was originally opened for the provider implementation,
but that's not to say this issue couldn't necessarily be used for oauth consumer support,
just wanted to make it clear for everybody reading this that these are separate issues. Jérôme,
do you have the sample application you mentioned available somewhere (github gist or similar,
or could just commit as part of scribe-up)? Scribe-centric Oauth consumer support is a good
starting point, but what I don't like about this implementation is the required extensions
to all of the common Shiro filters, the single Oauth realm and that the provider information
is abstracted away and mapped to a role. Also, it's not necessary to use session even for
Oauth 1.0a implementation. Nevertheless, this could provide a starting point for an Oauth
support. One additional thing I'm still not comfortable with is that how much role Shiro should
take when participating in Oauth authentication/authorization call flow. Finally, Oauth is
primarily an authorization framework, and I get the need for centralized authentication, but
using provided specific protocol is out of scope with Scribe. We probably need to discuss
the Oauth support in general on the dev list before moving ahead with it.
> Oauth support
> -------------
>                 Key: SHIRO-119
>                 URL:
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Jason Eacott
>            Assignee: Kalle Korhonen
>         Attachments: shiro-oauth-documentation.pdf, shiro-oauth-svn.patch, shiro-oauth.patch
> Create support for OAuth provider  support 'out of the box'. 
> This could involve a standalone provider webapp with some flexible mechanism for data
storage, and/or remote data retrieval & management,
> and a customisable way to integrate application/transport specific OAuth based authentication
with Shiro (HTTP/XMPP etc).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message