Token Based Authentication with Apache OfBiz

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Token Based Authentication with Apache OfBiz

Rahul Bhooteshwar
Hello All,
Recently felt the need of Token Based Authentication process in Apache
OfBiz while using OfBiz's business process offerings with standalone
clients like Mobile Apps, Angular JS based apps running outside Apache
OfBiz etc.

What currently we are having in OfBiz is session based authentication
process which is *stateful*. But while dealing with the independently
running remote clients stateful authentication is not gonna work as we will
not be using *server-browser session* anymore in those cases.

Following are the initial draft & supporting documents to proceed further:

   - Token Based Authentication in Apache OfBiz
   <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
   - Token Based Authentication
   <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
   - JSON Web Tokens
   <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
   - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
   Tokens
   <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>

I would like to propose a requirement to implement this in OfBiz, & invite
you all to provide valuable inputs to conclude the requirements &
implementation plans.

Thanks and Regards
*Rahul Bhooteshwar*
Enterprise Software Engineer
HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
innovative enterprise commerce solutions **powered by Apache OFBiz.*
Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

Jacques Le Roux
Administrator
We (I was then working with ilscipio) did something like that for a client, and I agree it's the way to go.

I mean that I agree with "We are not going to implement the Token Based Authentication process at low level. Behind the scenes, we will be using the
current work flow as is"

Disclaimer: I did not look into all details. Also we planned to use OpenId but eventually the Token Based Authentication we used was specific and
proprietary to the client (this remembered me http://markmail.org/message/7vtjvjomneimspvl)

Jacques


Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :

> Hello All,
> Recently felt the need of Token Based Authentication process in Apache
> OfBiz while using OfBiz's business process offerings with standalone
> clients like Mobile Apps, Angular JS based apps running outside Apache
> OfBiz etc.
>
> What currently we are having in OfBiz is session based authentication
> process which is *stateful*. But while dealing with the independently
> running remote clients stateful authentication is not gonna work as we will
> not be using *server-browser session* anymore in those cases.
>
> Following are the initial draft & supporting documents to proceed further:
>
>     - Token Based Authentication in Apache OfBiz
>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>     - Token Based Authentication
>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>     - JSON Web Tokens
>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>     - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
>     Tokens
>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>
> I would like to propose a requirement to implement this in OfBiz, & invite
> you all to provide valuable inputs to conclude the requirements &
> implementation plans.
>
> Thanks and Regards
> *Rahul Bhooteshwar*
> Enterprise Software Engineer
> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>

Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

Rishi Solanki
Rahul,

Thanks for detailed proposal, I gone thru all the details. No changes in
the current auth system, and achieving token based authentication looks a
good idea to me.

Agree on all the details provided and will try to participate in the
reviewing the design/implementation.


+1.


Rishi Solanki
Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com

On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
[hidden email]> wrote:

> We (I was then working with ilscipio) did something like that for a
> client, and I agree it's the way to go.
>
> I mean that I agree with "We are not going to implement the Token Based
> Authentication process at low level. Behind the scenes, we will be using
> the current work flow as is"
>
> Disclaimer: I did not look into all details. Also we planned to use OpenId
> but eventually the Token Based Authentication we used was specific and
> proprietary to the client (this remembered me
> http://markmail.org/message/7vtjvjomneimspvl)
>
> Jacques
>
>
>
> Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :
>
>> Hello All,
>> Recently felt the need of Token Based Authentication process in Apache
>> OfBiz while using OfBiz's business process offerings with standalone
>> clients like Mobile Apps, Angular JS based apps running outside Apache
>> OfBiz etc.
>>
>> What currently we are having in OfBiz is session based authentication
>> process which is *stateful*. But while dealing with the independently
>> running remote clients stateful authentication is not gonna work as we
>> will
>> not be using *server-browser session* anymore in those cases.
>>
>> Following are the initial draft & supporting documents to proceed further:
>>
>>     - Token Based Authentication in Apache OfBiz
>>     <
>> https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv
>> >
>>     - Token Based Authentication
>>     <
>> https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4
>> >
>>     - JSON Web Tokens
>>     <
>> https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit
>> >
>>     - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
>>     Tokens
>>     <
>> https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1
>> >
>>
>> I would like to propose a requirement to implement this in OfBiz, & invite
>> you all to provide valuable inputs to conclude the requirements &
>> implementation plans.
>>
>> Thanks and Regards
>> *Rahul Bhooteshwar*
>> Enterprise Software Engineer
>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

gregory draperi
Hi guys,

JSON web tokens are suitable for one time authentication between parties
but they have important drawbacks if they are used as a session mechanism
(how to store them, not possible to invalidate one...)

There is a nice article on this:
http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/

Best wishes,

Gregory



2016-07-13 13:19 GMT+02:00 Rishi Solanki <[hidden email]>:

> Rahul,
>
> Thanks for detailed proposal, I gone thru all the details. No changes in
> the current auth system, and achieving token based authentication looks a
> good idea to me.
>
> Agree on all the details provided and will try to participate in the
> reviewing the design/implementation.
>
>
> +1.
>
>
> Rishi Solanki
> Manager, Enterprise Software Development
> HotWax Systems Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxsystems.com
>
> On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
> [hidden email]> wrote:
>
> > We (I was then working with ilscipio) did something like that for a
> > client, and I agree it's the way to go.
> >
> > I mean that I agree with "We are not going to implement the Token Based
> > Authentication process at low level. Behind the scenes, we will be using
> > the current work flow as is"
> >
> > Disclaimer: I did not look into all details. Also we planned to use
> OpenId
> > but eventually the Token Based Authentication we used was specific and
> > proprietary to the client (this remembered me
> > http://markmail.org/message/7vtjvjomneimspvl)
> >
> > Jacques
> >
> >
> >
> > Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :
> >
> >> Hello All,
> >> Recently felt the need of Token Based Authentication process in Apache
> >> OfBiz while using OfBiz's business process offerings with standalone
> >> clients like Mobile Apps, Angular JS based apps running outside Apache
> >> OfBiz etc.
> >>
> >> What currently we are having in OfBiz is session based authentication
> >> process which is *stateful*. But while dealing with the independently
> >> running remote clients stateful authentication is not gonna work as we
> >> will
> >> not be using *server-browser session* anymore in those cases.
> >>
> >> Following are the initial draft & supporting documents to proceed
> further:
> >>
> >>     - Token Based Authentication in Apache OfBiz
> >>     <
> >>
> https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv
> >> >
> >>     - Token Based Authentication
> >>     <
> >>
> https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4
> >> >
> >>     - JSON Web Tokens
> >>     <
> >>
> https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit
> >> >
> >>     - IETF's  (Internet Engineering Task Force) Documentation for JSON
> Web
> >>     Tokens
> >>     <
> >>
> https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1
> >> >
> >>
> >> I would like to propose a requirement to implement this in OfBiz, &
> invite
> >> you all to provide valuable inputs to conclude the requirements &
> >> implementation plans.
> >>
> >> Thanks and Regards
> >> *Rahul Bhooteshwar*
> >> Enterprise Software Engineer
> >> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
> >> innovative enterprise commerce solutions **powered by Apache OFBiz.*
> >>
> >>
> >
>



--
Grégory Draperi
Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

Jacques Le Roux
Administrator
HI Gregory,

If I'm not mistaken (I'll not do it) the idea is indeed to use tokens for one time authentication, but to then use OFBiz current work flow for the
rest (ie handling sessions)

Quoting below: "Behind the scenes, we will be using the current work flow as is"

This is also what we did with the project I spoke about.

Thanks for the article!

Jacques


Le 22/07/2016 à 15:53, gregory draperi a écrit :

> Hi guys,
>
> JSON web tokens are suitable for one time authentication between parties
> but they have important drawbacks if they are used as a session mechanism
> (how to store them, not possible to invalidate one...)
>
> There is a nice article on this:
> http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
>
> Best wishes,
>
> Gregory
>
>
>
> 2016-07-13 13:19 GMT+02:00 Rishi Solanki <[hidden email]>:
>
>> Rahul,
>>
>> Thanks for detailed proposal, I gone thru all the details. No changes in
>> the current auth system, and achieving token based authentication looks a
>> good idea to me.
>>
>> Agree on all the details provided and will try to participate in the
>> reviewing the design/implementation.
>>
>>
>> +1.
>>
>>
>> Rishi Solanki
>> Manager, Enterprise Software Development
>> HotWax Systems Pvt. Ltd.
>> Direct: +91-9893287847
>> http://www.hotwaxsystems.com
>>
>> On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
>> [hidden email]> wrote:
>>
>>> We (I was then working with ilscipio) did something like that for a
>>> client, and I agree it's the way to go.
>>>
>>> I mean that I agree with "We are not going to implement the Token Based
>>> Authentication process at low level. Behind the scenes, we will be using
>>> the current work flow as is"
>>>
>>> Disclaimer: I did not look into all details. Also we planned to use
>> OpenId
>>> but eventually the Token Based Authentication we used was specific and
>>> proprietary to the client (this remembered me
>>> http://markmail.org/message/7vtjvjomneimspvl)
>>>
>>> Jacques
>>>
>>>
>>>
>>> Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :
>>>
>>>> Hello All,
>>>> Recently felt the need of Token Based Authentication process in Apache
>>>> OfBiz while using OfBiz's business process offerings with standalone
>>>> clients like Mobile Apps, Angular JS based apps running outside Apache
>>>> OfBiz etc.
>>>>
>>>> What currently we are having in OfBiz is session based authentication
>>>> process which is *stateful*. But while dealing with the independently
>>>> running remote clients stateful authentication is not gonna work as we
>>>> will
>>>> not be using *server-browser session* anymore in those cases.
>>>>
>>>> Following are the initial draft & supporting documents to proceed
>> further:
>>>>      - Token Based Authentication in Apache OfBiz
>>>>      <
>>>>
>> https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv
>>>>      - Token Based Authentication
>>>>      <
>>>>
>> https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4
>>>>      - JSON Web Tokens
>>>>      <
>>>>
>> https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit
>>>>      - IETF's  (Internet Engineering Task Force) Documentation for JSON
>> Web
>>>>      Tokens
>>>>      <
>>>>
>> https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1
>>>> I would like to propose a requirement to implement this in OfBiz, &
>> invite
>>>> you all to provide valuable inputs to conclude the requirements &
>>>> implementation plans.
>>>>
>>>> Thanks and Regards
>>>> *Rahul Bhooteshwar*
>>>> Enterprise Software Engineer
>>>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>>>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>>>
>>>>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

gregory draperi
Hi Jacques,

Okay, so I misunderstood the goal. You can forget what I said :)
Still the article is really interesting :)

Cheers,

Gregory

2016-07-23 12:55 GMT+02:00 Jacques Le Roux <[hidden email]>:

> HI Gregory,
>
> If I'm not mistaken (I'll not do it) the idea is indeed to use tokens for
> one time authentication, but to then use OFBiz current work flow for the
> rest (ie handling sessions)
>
> Quoting below: "Behind the scenes, we will be using the current work flow
> as is"
>
> This is also what we did with the project I spoke about.
>
> Thanks for the article!
>
> Jacques
>
>
>
> Le 22/07/2016 à 15:53, gregory draperi a écrit :
>
>> Hi guys,
>>
>> JSON web tokens are suitable for one time authentication between parties
>> but they have important drawbacks if they are used as a session mechanism
>> (how to store them, not possible to invalidate one...)
>>
>> There is a nice article on this:
>> http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
>>
>> Best wishes,
>>
>> Gregory
>>
>>
>>
>> 2016-07-13 13:19 GMT+02:00 Rishi Solanki <[hidden email]>:
>>
>> Rahul,
>>>
>>> Thanks for detailed proposal, I gone thru all the details. No changes in
>>> the current auth system, and achieving token based authentication looks a
>>> good idea to me.
>>>
>>> Agree on all the details provided and will try to participate in the
>>> reviewing the design/implementation.
>>>
>>>
>>> +1.
>>>
>>>
>>> Rishi Solanki
>>> Manager, Enterprise Software Development
>>> HotWax Systems Pvt. Ltd.
>>> Direct: +91-9893287847
>>> http://www.hotwaxsystems.com
>>>
>>> On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
>>> [hidden email]> wrote:
>>>
>>> We (I was then working with ilscipio) did something like that for a
>>>> client, and I agree it's the way to go.
>>>>
>>>> I mean that I agree with "We are not going to implement the Token Based
>>>> Authentication process at low level. Behind the scenes, we will be using
>>>> the current work flow as is"
>>>>
>>>> Disclaimer: I did not look into all details. Also we planned to use
>>>>
>>> OpenId
>>>
>>>> but eventually the Token Based Authentication we used was specific and
>>>> proprietary to the client (this remembered me
>>>> http://markmail.org/message/7vtjvjomneimspvl)
>>>>
>>>> Jacques
>>>>
>>>>
>>>>
>>>> Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :
>>>>
>>>> Hello All,
>>>>> Recently felt the need of Token Based Authentication process in Apache
>>>>> OfBiz while using OfBiz's business process offerings with standalone
>>>>> clients like Mobile Apps, Angular JS based apps running outside Apache
>>>>> OfBiz etc.
>>>>>
>>>>> What currently we are having in OfBiz is session based authentication
>>>>> process which is *stateful*. But while dealing with the independently
>>>>> running remote clients stateful authentication is not gonna work as we
>>>>> will
>>>>> not be using *server-browser session* anymore in those cases.
>>>>>
>>>>> Following are the initial draft & supporting documents to proceed
>>>>>
>>>> further:
>>>
>>>>      - Token Based Authentication in Apache OfBiz
>>>>>      <
>>>>>
>>>>>
>>> https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv
>>>
>>>>      - Token Based Authentication
>>>>>      <
>>>>>
>>>>>
>>> https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4
>>>
>>>>      - JSON Web Tokens
>>>>>      <
>>>>>
>>>>>
>>> https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit
>>>
>>>>      - IETF's  (Internet Engineering Task Force) Documentation for JSON
>>>>>
>>>> Web
>>>
>>>>      Tokens
>>>>>      <
>>>>>
>>>>>
>>> https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1
>>>
>>>> I would like to propose a requirement to implement this in OfBiz, &
>>>>>
>>>> invite
>>>
>>>> you all to provide valuable inputs to conclude the requirements &
>>>>> implementation plans.
>>>>>
>>>>> Thanks and Regards
>>>>> *Rahul Bhooteshwar*
>>>>> Enterprise Software Engineer
>>>>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>>>>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>>>>
>>>>>
>>>>>
>>
>>
>


--
Grégory Draperi
Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

Jacques Le Roux
Administrator
In reply to this post by Rahul Bhooteshwar
Hi Rahul,

Did you finally implement this? If yes could you contribute or share?

I'm currently working on such a solution and would prefer to share before contributing my own

Jacques


Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :

> Hello All,
> Recently felt the need of Token Based Authentication process in Apache
> OfBiz while using OfBiz's business process offerings with standalone
> clients like Mobile Apps, Angular JS based apps running outside Apache
> OfBiz etc.
>
> What currently we are having in OfBiz is session based authentication
> process which is *stateful*. But while dealing with the independently
> running remote clients stateful authentication is not gonna work as we will
> not be using *server-browser session* anymore in those cases.
>
> Following are the initial draft & supporting documents to proceed further:
>
>     - Token Based Authentication in Apache OfBiz
>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>     - Token Based Authentication
>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>     - JSON Web Tokens
>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>     - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
>     Tokens
>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>
> I would like to propose a requirement to implement this in OfBiz, & invite
> you all to provide valuable inputs to conclude the requirements &
> implementation plans.
>
> Thanks and Regards
> *Rahul Bhooteshwar*
> Enterprise Software Engineer
> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>

Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

Rishi Solanki
Jacques,

I think you can go with your solution, as no updates on this since long.

Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co

On Thu, Oct 5, 2017 at 1:49 AM, Jacques Le Roux <
[hidden email]> wrote:

> Hi Rahul,
>
> Did you finally implement this? If yes could you contribute or share?
>
> I'm currently working on such a solution and would prefer to share before
> contributing my own
>
> Jacques
>
>
> Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :
>
>> Hello All,
>> Recently felt the need of Token Based Authentication process in Apache
>> OfBiz while using OfBiz's business process offerings with standalone
>> clients like Mobile Apps, Angular JS based apps running outside Apache
>> OfBiz etc.
>>
>> What currently we are having in OfBiz is session based authentication
>> process which is *stateful*. But while dealing with the independently
>> running remote clients stateful authentication is not gonna work as we
>> will
>> not be using *server-browser session* anymore in those cases.
>>
>> Following are the initial draft & supporting documents to proceed further:
>>
>>     - Token Based Authentication in Apache OfBiz
>>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJq
>> kx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>     - Token Based Authentication
>>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcef
>> cg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>     - JSON Web Tokens
>>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987
>> Q7KBocWAGvss2p4N4fIM/edit>
>>     - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
>>     Tokens
>>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUG
>> c/view?pref=2&pli=1>
>>
>> I would like to propose a requirement to implement this in OfBiz, & invite
>> you all to provide valuable inputs to conclude the requirements &
>> implementation plans.
>>
>> Thanks and Regards
>> *Rahul Bhooteshwar*
>> Enterprise Software Engineer
>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

Jacques Le Roux
Administrator
Thanks for feedback Rishi

Jacques


Le 09/10/2017 à 16:33, Rishi Solanki a écrit :

> Jacques,
>
> I think you can go with your solution, as no updates on this since long.
>
> Rishi Solanki
> Sr Manager, Enterprise Software Development
> HotWax Systems Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxsystems.com
> www.hotwax.co
>
> On Thu, Oct 5, 2017 at 1:49 AM, Jacques Le Roux <
> [hidden email]> wrote:
>
>> Hi Rahul,
>>
>> Did you finally implement this? If yes could you contribute or share?
>>
>> I'm currently working on such a solution and would prefer to share before
>> contributing my own
>>
>> Jacques
>>
>>
>> Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :
>>
>>> Hello All,
>>> Recently felt the need of Token Based Authentication process in Apache
>>> OfBiz while using OfBiz's business process offerings with standalone
>>> clients like Mobile Apps, Angular JS based apps running outside Apache
>>> OfBiz etc.
>>>
>>> What currently we are having in OfBiz is session based authentication
>>> process which is *stateful*. But while dealing with the independently
>>> running remote clients stateful authentication is not gonna work as we
>>> will
>>> not be using *server-browser session* anymore in those cases.
>>>
>>> Following are the initial draft & supporting documents to proceed further:
>>>
>>>      - Token Based Authentication in Apache OfBiz
>>>      <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJq
>>> kx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>>      - Token Based Authentication
>>>      <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcef
>>> cg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>>      - JSON Web Tokens
>>>      <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987
>>> Q7KBocWAGvss2p4N4fIM/edit>
>>>      - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
>>>      Tokens
>>>      <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUG
>>> c/view?pref=2&pli=1>
>>>
>>> I would like to propose a requirement to implement this in OfBiz, & invite
>>> you all to provide valuable inputs to conclude the requirements &
>>> implementation plans.
>>>
>>> Thanks and Regards
>>> *Rahul Bhooteshwar*
>>> Enterprise Software Engineer
>>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>>
>>>

Reply | Threaded
Open this post in threaded view
|

Re: Token Based Authentication with Apache OfBiz

Deepak Dixit-3
In reply to this post by Jacques Le Roux
Hi Jacques,


I am also working on JWT (Jason Web Token) mechanism. I'll share the JWT
design and detail
Sorry for too late reply.
Here is the ticket for this work
https://issues.apache.org/jira/browse/OFBIZ-9833

We can discuss more over ticket .


Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com
www.hotwax.co

On Thu, Oct 5, 2017 at 1:49 AM, Jacques Le Roux <
[hidden email]> wrote:

> Hi Rahul,
>
> Did you finally implement this? If yes could you contribute or share?
>
> I'm currently working on such a solution and would prefer to share before
> contributing my own
>
> Jacques
>
>
> Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :
>
>> Hello All,
>> Recently felt the need of Token Based Authentication process in Apache
>> OfBiz while using OfBiz's business process offerings with standalone
>> clients like Mobile Apps, Angular JS based apps running outside Apache
>> OfBiz etc.
>>
>> What currently we are having in OfBiz is session based authentication
>> process which is *stateful*. But while dealing with the independently
>> running remote clients stateful authentication is not gonna work as we
>> will
>> not be using *server-browser session* anymore in those cases.
>>
>> Following are the initial draft & supporting documents to proceed further:
>>
>>     - Token Based Authentication in Apache OfBiz
>>     <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJq
>> kx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>     - Token Based Authentication
>>     <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcef
>> cg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>     - JSON Web Tokens
>>     <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987
>> Q7KBocWAGvss2p4N4fIM/edit>
>>     - IETF's  (Internet Engineering Task Force) Documentation for JSON Web
>>     Tokens
>>     <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUG
>> c/view?pref=2&pli=1>
>>
>> I would like to propose a requirement to implement this in OfBiz, & invite
>> you all to provide valuable inputs to conclude the requirements &
>> implementation plans.
>>
>> Thanks and Regards
>> *Rahul Bhooteshwar*
>> Enterprise Software Engineer
>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>>
>>
>