These are chat archives for spring-cloud/spring-cloud

25th
Jun 2015
Bryce Budd
@brycebudd
Jun 25 2015 02:29
@dsyer I need to specify the uri for redirect due to unusual routing constraints. Most of the authorization server implementations I've seen seem to follow a "best practice" of specifying a predefined redirect per service provider. I think some clear, easy to find documentation around redirect options for client/server contexts is something that would help.
Leon Radley
@leon
Jun 25 2015 07:03
@dsyer What would you think about adding a custom @ClientCredentials annotation that works the same way @LoadBalanced works?
I’m unsure if we can have multiple @Qualifier annotations, so if I would like a load balanced client credentials rest template I would do
@Inject
@ClientCredentials
@LoadBalanced
private RestTemplate template;
Dave Syer
@dsyer
Jun 25 2015 07:22
Sound sensible
I don't know if we can squeeze it into 1.0.2 unless we are fast
Leon Radley
@leon
Jun 25 2015 07:24
Do you know if you can have multiple @Qualifiers on a bean?
Dave Syer
@dsyer
Jun 25 2015 07:25
I know that a qualifier can be qualified
Would t take long to find out with a test case
Leon Radley
@leon
Jun 25 2015 07:25
that’s true
still havent got the build working
Dave Syer
@dsyer
Jun 25 2015 07:25
Really?
Are you just building security ?
Leon Radley
@leon
Jun 25 2015 07:26
Since all the dependencies for security is 1.0.2-SNAPSHOT it cannot find those
Dave Syer
@dsyer
Jun 25 2015 07:27
You are using the .settings.xml?
Leon Radley
@leon
Jun 25 2015 07:27
ahh, that worked alot better :)
Dave Syer
@dsyer
Jun 25 2015 09:56
I need to split up the security module add give it a parent pom
It will impact your PR
Dave Syer
@dsyer
Jun 25 2015 13:03
The release is done now (excluding the PR)
Need to announce it...
Leon Radley
@leon
Jun 25 2015 13:29
great, we can have a look at the PR soonish
Pedro Vilaça
@pmvilaca
Jun 25 2015 16:35
@dsyer what do you think about using oauth2 password flow instead of the authorization flow for the spring security angular demo?
Dave Syer
@dsyer
Jun 25 2015 16:36
Bad move
It goes against the grain of the articles
Password flow is for native/mobile. Auto code is for browsers.
Someone suggested I should do a mobile client as a further example. In that case I think it would be justified.
Pedro Vilaça
@pmvilaca
Jun 25 2015 16:38
even if we’re using our own oauth2 server for our own application?
Dave Syer
@dsyer
Jun 25 2015 16:38
s/Auto/Auth/
@gitter your mobile app sucks
@pmvilaca that doesn't change the client
But I guess if you write all the code you can be more diligent.
You trust all your developers to understand the issues?
Pedro Vilaça
@pmvilaca
Jun 25 2015 16:41
I mean.. taking the facebook example.. it would be weird if facebook ask me to authorize them to use my account to give me access to facebook
@dsyer didn’t get the question.. maybe my question is more a oauth2 question and not really spring-cloud related
Dave Syer
@dsyer
Jun 25 2015 16:49
That's why we have auto approve
Pedro Vilaça
@pmvilaca
Jun 25 2015 16:50
@dsyer is that from oauth2 specification?
Dave Syer
@dsyer
Jun 25 2015 16:51
Not really. The spec just says "obtain approval".
And yes, this is an oauth2 question not a cloud question
Auto approve means the user approved the grant by being registered
That's pretty common in Oauth2 SSO
Pedro Vilaça
@pmvilaca
Jun 25 2015 16:52
@dsyer you’re right.. sorry for the unrelated topic