Hello All,
Recently felt the need of Token Based Authentication process in Apache OfBiz while using OfBiz's business process offerings with standalone clients like Mobile Apps, Angular JS based apps running outside Apache OfBiz etc.

What currently we are having in OfBiz is session based authentication process which is *stateful*. But while dealing with the independently running remote clients stateful authentication is not gonna work as we will not be using *server-browser session* anymore in those cases.

Following are the initial draft & supporting documents to proceed further:

- Token Based Authentication in Apache OfBiz <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
- Token Based Authentication <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
- JSON Web Tokens <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
- IETF's (Internet Engineering Task Force) Documentation for JSON Web Tokens <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>

I would like to propose a requirement to implement this in OfBiz, & invite you all to provide valuable inputs to conclude the requirements & implementation plans.

Thanks and Regards
*Rahul Bhooteshwar*
Enterprise Software Engineer
HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in innovative enterprise commerce solutions powered by Apache OFBiz.*
We (I was then working with ilscipio) did something like that for a client, and I agree it's the way to go.
I mean that I agree with "We are not going to implement the Token Based Authentication process at low level. Behind the scenes, we will be using the current work flow as is"

Disclaimer: I did not look into all details. Also we planned to use OpenId but eventually the Token Based Authentication we used was specific and proprietary to the client (this reminded me of http://markmail.org/message/7vtjvjomneimspvl)

Jacques

On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
> Hello All,
> Recently felt the need of Token Based Authentication process in Apache OfBiz while using OfBiz's business process offerings with standalone clients like Mobile Apps, Angular JS based apps running outside Apache OfBiz etc.
>
> What currently we are having in OfBiz is session based authentication process which is *stateful*. But while dealing with the independently running remote clients stateful authentication is not gonna work as we will not be using *server-browser session* anymore in those cases.
>
> Following are the initial draft & supporting documents to proceed further:
>
> - Token Based Authentication in Apache OfBiz <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
> - Token Based Authentication <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
> - JSON Web Tokens <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
> - IETF's (Internet Engineering Task Force) Documentation for JSON Web Tokens <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>
> I would like to propose a requirement to implement this in OfBiz, & invite you all to provide valuable inputs to conclude the requirements & implementation plans.
>
> Thanks and Regards
> *Rahul Bhooteshwar*
> Enterprise Software Engineer
> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in innovative enterprise commerce solutions powered by Apache OFBiz.*
Rahul,
Thanks for the detailed proposal, I have gone through all the details. No changes in the current auth system, and achieving token based authentication looks a good idea to me.

Agree on all the details provided and will try to participate in reviewing the design/implementation.

+1.

Rishi Solanki
Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com

On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <[hidden email]> wrote:
> We (I was then working with ilscipio) did something like that for a client, and I agree it's the way to go.
>
> I mean that I agree with "We are not going to implement the Token Based Authentication process at low level. Behind the scenes, we will be using the current work flow as is"
>
> Disclaimer: I did not look into all details. Also we planned to use OpenId but eventually the Token Based Authentication we used was specific and proprietary to the client (this reminded me of http://markmail.org/message/7vtjvjomneimspvl)
>
> Jacques
Hi guys,
JSON web tokens are suitable for one time authentication between parties but they have important drawbacks if they are used as a session mechanism (how to store them, not possible to invalidate one...)

There is a nice article on this: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/

Best wishes,

Gregory

2016-07-13 13:19 GMT+02:00 Rishi Solanki <[hidden email]>:
> Rahul,
>
> Thanks for the detailed proposal, I have gone through all the details. No changes in the current auth system, and achieving token based authentication looks a good idea to me.
>
> Agree on all the details provided and will try to participate in reviewing the design/implementation.
>
> +1.
>
> Rishi Solanki
> Manager, Enterprise Software Development
> HotWax Systems Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxsystems.com

--
Grégory Draperi
Hi Gregory,

If I'm not mistaken (I'll not do it) the idea is indeed to use tokens for one time authentication, but to then use OFBiz current work flow for the rest (i.e. handling sessions)

Quoting below: "Behind the scenes, we will be using the current work flow as is"

This is also what we did with the project I spoke about.

Thanks for the article!

Jacques

On 22/07/2016 at 15:53, gregory draperi wrote:
> Hi guys,
>
> JSON web tokens are suitable for one time authentication between parties but they have important drawbacks if they are used as a session mechanism (how to store them, not possible to invalidate one...)
>
> There is a nice article on this: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
>
> Best wishes,
>
> Gregory
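The hand-off discussed in the two messages above (a token checked once at login, then an ordinary server-side session), as an added example that is not part of the thread and is not OFBiz code. It uses only the Python standard library; `SECRET`, `TokenLogin`, the helper names and the single-use `jti` check are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

SECRET = b"constructed-demo-key"  # constructed value, not an OFBiz setting


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def issue_jwt(user: str, ttl: int, now: int, key: bytes = SECRET) -> str:
    """Build a short-lived HS256 token with a unique id (jti)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "exp": now + ttl, "jti": secrets.token_hex(8)}
    signing_input = header + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + b64url(sign(signing_input, key))


def verify_jwt(token: str, now: int, key: bytes = SECRET):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm on the server; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = sign(header_b64 + "." + body_b64, key)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(body_b64))
        if not isinstance(claims, dict) or claims["exp"] <= now:
            return None
        return claims
    except (ValueError, TypeError, KeyError):
        return None


class TokenLogin:
    """Token checked once at login; a server-side session does the rest."""

    def __init__(self):
        self.sessions = {}  # session id -> user (stands in for the session store)
        self.used_jti = {}  # jti -> exp, so a token cannot be replayed

    def login(self, token: str, now: int):
        # Forget ids of tokens that have expired and can no longer verify.
        self.used_jti = {j: e for j, e in self.used_jti.items() if e > now}
        claims = verify_jwt(token, now)
        if not claims or "sub" not in claims or "jti" not in claims:
            return None
        if claims["jti"] in self.used_jti:
            return None
        self.used_jti[claims["jti"]] = claims["exp"]
        session_id = secrets.token_urlsafe(32)  # opaque, carries no claims
        self.sessions[session_id] = claims["sub"]
        return session_id

    def user_for(self, session_id: str):
        return self.sessions.get(session_id)

    def logout(self, session_id: str) -> None:
        # Revocation is a single delete; the JWT itself stays valid until exp.
        self.sessions.pop(session_id, None)
```

After `logout`, `user_for` returns nothing for the old session id, while `verify_jwt` still accepts the same token until `exp`, which is the invalidation drawback raised in the thread.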
Hi Jacques,
Okay, so I misunderstood the goal. You can forget what I said :)

Still the article is really interesting :)

Cheers,

Gregory

2016-07-23 12:55 GMT+02:00 Jacques Le Roux <[hidden email]>:
> Hi Gregory,
>
> If I'm not mistaken (I'll not do it) the idea is indeed to use tokens for one time authentication, but to then use OFBiz current work flow for the rest (i.e. handling sessions)
>
> Quoting below: "Behind the scenes, we will be using the current work flow as is"
>
> This is also what we did with the project I spoke about.
>
> Thanks for the article!
>
> Jacques

--
Grégory Draperi
In reply to this post by Rahul Bhooteshwar
Hi Rahul,
Did you finally implement this? If yes could you contribute or share?

I'm currently working on such a solution and would prefer to share before contributing my own

Jacques

On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
> Hello All,
> Recently felt the need of Token Based Authentication process in Apache OfBiz while using OfBiz's business process offerings with standalone clients like Mobile Apps, Angular JS based apps running outside Apache OfBiz etc.
>
> What currently we are having in OfBiz is session based authentication process which is *stateful*. But while dealing with the independently running remote clients stateful authentication is not gonna work as we will not be using *server-browser session* anymore in those cases.
>
> Following are the initial draft & supporting documents to proceed further:
>
> - Token Based Authentication in Apache OfBiz <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
> - Token Based Authentication <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
> - JSON Web Tokens <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
> - IETF's (Internet Engineering Task Force) Documentation for JSON Web Tokens <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>
> I would like to propose a requirement to implement this in OfBiz, & invite you all to provide valuable inputs to conclude the requirements & implementation plans.
>
> Thanks and Regards
> *Rahul Bhooteshwar*
> Enterprise Software Engineer
> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in innovative enterprise commerce solutions powered by Apache OFBiz.*
Jacques,
I think you can go with your solution, as no updates on this since long.

Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co

On Thu, Oct 5, 2017 at 1:49 AM, Jacques Le Roux <[hidden email]> wrote:
> Hi Rahul,
>
> Did you finally implement this? If yes could you contribute or share?
>
> I'm currently working on such a solution and would prefer to share before contributing my own
>
> Jacques
Thanks for feedback Rishi
Jacques

On 09/10/2017 at 16:33, Rishi Solanki wrote:
> Jacques,
>
> I think you can go with your solution, as no updates on this since long.
>
> Rishi Solanki
> Sr Manager, Enterprise Software Development
> HotWax Systems Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxsystems.com
> www.hotwax.co
In reply to this post by Jacques Le Roux
Hi Jacques,
I am also working on JWT (JSON Web Token) mechanism. I'll share the JWT design and detail

Sorry for too late reply.

Here is the ticket for this work https://issues.apache.org/jira/browse/OFBIZ-9833

We can discuss more over ticket.

Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com
www.hotwax.co

On Thu, Oct 5, 2017 at 1:49 AM, Jacques Le Roux <[hidden email]> wrote:
> Hi Rahul,
>
> Did you finally implement this? If yes could you contribute or share?
>
> I'm currently working on such a solution and would prefer to share before contributing my own
>
> Jacques