Comments (4)
Not sure what you're envisioning. The OAuth spec dictates http as the transport mechanism for both the authorization and token requests.
from osin.
Yes, I know it does. I can attempt to describe what I was thinking and why I would want such a feature.
Let's assume I have a bunch of services that communicate through RPC (thrift, gRPC, etc.). I do have an HTTP front end but maybe I would want a service that my HTTP front end would delegate the authentication/authorization requests to. This way say I get a request I can chain these service calls by verifying an access token, checking scopes then hitting a database if it has the specified scope.
Yes, I could very well do all of this on my web frontend and just do these checks before sending an RPC request to another service but in my opinion it just seemed more decoupled this way (my proposal).
Now I do realize the benefit of the majority (no breaking API changes) over my small use case here, but I was just wondering if you'd be open to such a change. I always believed decoupling things like this would be a better design philosophy to begin with.
from osin.
Still not seeing the integration. The part of OAuth osin
implements is oriented toward obtaining a token, not using it against an API. Whatever storage mechanism you implement that can retrieve token details for a given token could be used by an authn/authz layer for any arbitrary API (http, rest, RPC, etc), but usage of an access token to auth to an API doesn't have anything to do with how the token was obtained.
from osin.
Absolutely, I understand that. I guess the pursuit was just to decouple things more for myself. I would of liked to have the token generation, authorization etc. all in one easy place but it's not the end of the world.
Thank you!
from osin.
Related Issues (20)
- CheckBasicAuth does not url decode the client_id and client_secret HOT 2
- How should I connect with my own user table ? HOT 2
- Expires time not correct HOT 4
- password grant type HOT 2
- Support for UMA, a.k.a. resource sets? HOT 5
- The redirect URI is checked to be not empty for every flow HOT 4
- grpc HOT 1
- Deprecating the project HOT 20
- Bot sending repeated messages HOT 5
- Can we fork this repo like gogs and gitea? HOT 3
- refactor example imports HOT 6
- refresh token expiration HOT 4
- in some case should check err == osin.ErrNotFound HOT 4
- Future Release Branches Frozen For Merging | branch:release-4.18 branch:release-4.19 HOT 2
- the project active? HOT 6
- Depends on "github.com/RangelReale/osin" HOT 2
- Authorization Code Request Handler always expects client secret to be present HOT 8
- RedirectURI prefix validation HOT 2
- grant type CLIENT_CREDENTIALS HOT 10
- The vulnerability CVE-2021-4294 has been fixed, but no specific tag denotes the patched version. HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from osin.