java - Centralized API provider - oAuth or not?
I am a bit lost in an overflow of information and need guidance on the best way we can support providing API access to trusted clients.
Current environment:
We have a centralized server that handles user authentication/authorization via Apache Shiro.
We have in-house APIs that communicate internally with the centralized server to authenticate and manage tokens (thus enabling SSO).
Communication between our client applications and the APIs is secured over SSL.
Token-based authentication is used.
Target:
Our target is to allow 3rd party applications and APIs to communicate with our centralized authentication server. Our main concern is phishing; we want "valid" parties to communicate with us and, preferably, to disallow exposing authentication information on the 3rd party's side.
Questions:
1- What is the best way to implement such an architecture? Should we go ahead with OAuth? If yes, is there a way to integrate it with Shiro?
2- Will OAuth do the job on mobile applications as well? (e.g. restrict access to the REST API unless the application is trusted)
3- Is there an OAuth provider library that I can use in Java, or is OAuth a "standard" that I have to implement myself? (such as, for example, implementing RESTful APIs)
4- Does SSO support OAuth?
Sorry for the vague questions. I need general guidance and advice.
Here are the answers, in order:
- OAuth 2.0 is the best fit for you. You should go with OAuth.
- Definitely yes.
- There are libraries: Apache Oltu and the Google client library.
- The OpenID Connect specification, built on top of OAuth, can be used to implement SSO.
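Added example, not part of the original question or answer and not code from Shiro, Apache Oltu or the Google client library: a minimal Java sketch of the OAuth 2.0 authorization-code checks that map to the question's two concerns, accepting only registered ("valid") clients and keeping the user's credentials off the 3rd party's side. The class, client id, secret and URLs are hypothetical, constructed values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
// Added illustration; every name and value here is hypothetical, not a Shiro or Oltu API.
public class AuthCodeSketch {
    record Client(byte[] secret, Set<String> redirectUris) {}
    record Grant(String clientId, String redirectUri, String userId, Instant expires) {}
    private final Map<String, Client> clients = new ConcurrentHashMap<>();
    private final Map<String, Grant> codes = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    // Demo registry keeps the secret in memory; a real server would store only a hash.
    void register(String id, String secret, String... uris) {
        clients.put(id, new Client(secret.getBytes(StandardCharsets.UTF_8), Set.of(uris)));
    }

    // Called only after the central server itself has authenticated the user (e.g. via Shiro),
    // so the 3rd party never handles the user's password.
    String issueCode(String clientId, String redirectUri, String userId) {
        Client c = clients.get(clientId);
        if (c == null || !c.redirectUris().contains(redirectUri)) // exact match, no prefixes
            throw new SecurityException("unregistered client or redirect_uri");
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        codes.put(code, new Grant(clientId, redirectUri, userId, Instant.now().plusSeconds(60)));
        return code;
    }

    // Token endpoint: the code is single-use, short-lived and bound to the requesting client.
    String redeem(String code, String clientId, String secret, String redirectUri) {
        Grant g = codes.remove(code); // remove() makes a second redemption fail
        Client c = clients.get(clientId);
        if (g == null || c == null || Instant.now().isAfter(g.expires())
                || !g.clientId().equals(clientId) || !g.redirectUri().equals(redirectUri)
                || !MessageDigest.isEqual(c.secret(), secret.getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("invalid_grant");
        return "token-for-" + g.userId(); // placeholder for a real opaque or signed token
    }

    public static void main(String[] args) {
        AuthCodeSketch server = new AuthCodeSketch();
        String cb = "https://partner.example/callback";
        server.register("partner-app", "constructed-secret", cb);
        String code = server.issueCode("partner-app", cb, "alice");
        System.out.println(server.redeem(code, "partner-app", "constructed-secret", cb));
        try { server.redeem(code, "partner-app", "constructed-secret", cb); }
        catch (SecurityException e) { System.out.println("replay rejected: " + e.getMessage()); }
        try { server.issueCode("partner-app", "https://unregistered.example/cb", "alice"); }
        catch (SecurityException e) { System.out.println("redirect rejected: " + e.getMessage()); }
    }
}
```

Records require Java 16 or later; the file runs directly with `java AuthCodeSketch.java`.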