OAuth 2.0 Provider

Hello,

This is a general inquiry for CFML Developers. I figured I would ask here
since this is one of the only main groups I know for CFML Developers. My
apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side and I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0 to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton

A while back when looking at oauth implementations for a project I invested in, I briefly considered writing a CFML port of Apache OLTU (https://oltu.apache.org/) to create an OAuth2 server. However, if you look deeply at OAuth 2, there’s really very very little in the way of specifics when it comes to actually implementing an OAuth 2 API. (And it’s not just me who says this). If you look at specific OAuth2 services available out there, they’re all pretty unique in their implementations. OAuth2 is less of a specification, and more of a lose set of guidelines IMHO.

Even though Harry Klein’s OAuth library was designed for Oauth 1.0, the guidelines for OAuth 2 are so loose I believe it’s possible to create an OAuth 2 compatible server using it as well:
http://oauth.riaforge.org/

Some interesting drama with regards to the OAuth 2 specification:
http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/

For Oauth 2.0 clients, I found the Scribe project, written in Java, to be pretty flexible:
https://github.com/fernandezpablo85/scribe-java/

Again, I considered porting it to CFML, but I found that Joel Hill had already started to create a port, so I teamed up with him and fleshed out a fully realized Twitter API using scribe:
https://github.com/JoelHill/cfScribe

That was pretty fun to play with for a bit. =) I intended to create Facebook and Google API’s using scribe as well, but I ran out of time playing with the Twitter API, so the Google and Facebook implementations have been moved to the “some day” folder…

Anyway… hope this helps.

-Jordan----- Original Message -----
From: “Ryan Hinton” <@Ryan_Hinton>
To: lucee@googlegroups.com
Sent: Thursday, June 11, 2015 3:23:46 PM
Subject: [Lucee] OAuth 2.0 Provider

Hello,

This is a general inquiry for CFML Developers. I figured I would ask here
since this is one of the only main groups I know for CFML Developers. My
apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side and I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0 to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Excellent information about my digesting of misinformation!
I would just like to kick some bad posts in the teeth! lol

Thank you, Jordan. :-)On Friday, June 12, 2015 at 2:55:50 PM UTC-4, Jordan Michaels wrote:

Hi Ryan,

I hear you about the language support bro; hence why I was considering
writing a port.

I have read that OAuth 1.0 is not as secure as OAuth 2.0.

I would say the opposite is true. OAuth 2.0 is LESS secure than OAuth 1.0.
In 1.0, you effectively have two layers of encryption. When you build the
token in 1.0, you encrypt the token itself as part of the process, then
when you send it over SSL, you encrypt it again. With 2.0, you don’t
encrypt the token at all, and rely exclusively on SSL to provide the
encryption. As a server administrator, I can see why large companies would
want this. Encryption requires CPU overhead to encrypt and decrypt. If you
have two layers of encryption, you’re requiring double the amount of CPU to
process a request. If you’re Facebook, Twitter, or Google, the OAuth 2.0
spec would be far more appealing because it requires half the amount of CPU
to process the millions of requests you receive every minute. This results
in to far less hardware, heat, and facilities required to serve the same
number of visitors. That is almost certainly why the large companies
involved in OAuth pushed for relaxed security in the 2.0 spec.

If you haven’t yet, I’d recommend reading this:
http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/

“When compared with OAuth 1.0, the 2.0 specification is more complex, less
interoperable, less useful, more incomplete, and most importantly, less
secure.”

If nothing else, it’s some history that explains why things are the way
they are with OAuth 2.0.

-Jordan

----- Original Message -----
From: “Ryan Hinton” <ry...@hintonco.com <javascript:>>
To: lu...@googlegroups.com <javascript:>
Sent: Friday, June 12, 2015 6:25:38 AM
Subject: Re: [Lucee] OAuth 2.0 Provider

Thank you for your feedback, Jordan.

It’s slightly upsetting to see so many providers in what looks like almost
every language but ours. lol I will look into Harry Klein’s OAuth 1.0
version to see how much it would take to convert. I have a time
constraint
on this, so it may not be doable, I hope it might be easy and quick enough
to do.

I have read that OAuth 1.0 is not as secure as OAuth 2.0. Is this really
true, especially if we are passing information via SSL? What would truly
be the downside of using the OAuth 1.0 version of Harry Klein’s versus
using OAuth 2.0?

Thank you for any feedback.
Ryan Hinton

On Thursday, June 11, 2015 at 6:58:49 PM UTC-4, Jordan Michaels wrote:

A while back when looking at oauth implementations for a project I
invested in, I briefly considered writing a CFML port of Apache OLTU (
https://oltu.apache.org/) to create an OAuth2 server. However, if you
look deeply at OAuth 2, there’s really very very little in the way of
specifics when it comes to actually implementing an OAuth 2 API. (And
it’s
not just me who says this). If you look at specific OAuth2 services
available out there, they’re all pretty unique in their implementations.
OAuth2 is less of a specification, and more of a lose set of guidelines
IMHO.

Even though Harry Klein’s OAuth library was designed for Oauth 1.0, the
guidelines for OAuth 2 are so loose I believe it’s possible to create an
OAuth 2 compatible server using it as well:
http://oauth.riaforge.org/

Some interesting drama with regards to the OAuth 2 specification:
http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/

For Oauth 2.0 clients, I found the Scribe project, written in Java, to
be
pretty flexible:
https://github.com/fernandezpablo85/scribe-java/

Again, I considered porting it to CFML, but I found that Joel Hill had
already started to create a port, so I teamed up with him and fleshed
out a
fully realized Twitter API using scribe:
https://github.com/JoelHill/cfScribe

That was pretty fun to play with for a bit. =) I intended to create
Facebook and Google API’s using scribe as well, but I ran out of time
playing with the Twitter API, so the Google and Facebook implementations
have been moved to the “some day” folder…

Anyway… hope this helps.

-Jordan

----- Original Message -----
From: “Ryan Hinton” <ry...@hintonco.com <javascript:>>
To: lu...@googlegroups.com <javascript:>
Sent: Thursday, June 11, 2015 3:23:46 PM
Subject: [Lucee] OAuth 2.0 Provider

Hello,

This is a general inquiry for CFML Developers. I figured I would ask
here
since this is one of the only main groups I know for CFML Developers.
My
apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side
and
I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0
to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google
Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com
<javascript:>.

To view this discussion on the web visit

https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>.

To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/2b34bdd8-941c-47bb-b099-a086a540e14c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Hi Ryan,

I hear you about the language support bro; hence why I was considering writing a port.

I have read that OAuth 1.0 is not as secure as OAuth 2.0.

I would say the opposite is true. OAuth 2.0 is LESS secure than OAuth 1.0. In 1.0, you effectively have two layers of encryption. When you build the token in 1.0, you encrypt the token itself as part of the process, then when you send it over SSL, you encrypt it again. With 2.0, you don’t encrypt the token at all, and rely exclusively on SSL to provide the encryption. As a server administrator, I can see why large companies would want this. Encryption requires CPU overhead to encrypt and decrypt. If you have two layers of encryption, you’re requiring double the amount of CPU to process a request. If you’re Facebook, Twitter, or Google, the OAuth 2.0 spec would be far more appealing because it requires half the amount of CPU to process the millions of requests you receive every minute. This results in to far less hardware, heat, and facilities required to serve the same number of visitors. That is almost certainly why the large companies involved in OAuth pushed for relaxed security in the 2.0 spec.

If you haven’t yet, I’d recommend reading this:
http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/

“When compared with OAuth 1.0, the 2.0 specification is more complex, less interoperable, less useful, more incomplete, and most importantly, less secure.”

If nothing else, it’s some history that explains why things are the way they are with OAuth 2.0.

-Jordan----- Original Message -----
From: “Ryan Hinton” <@Ryan_Hinton>
To: lucee@googlegroups.com
Sent: Friday, June 12, 2015 6:25:38 AM
Subject: Re: [Lucee] OAuth 2.0 Provider

Thank you for your feedback, Jordan.

It’s slightly upsetting to see so many providers in what looks like almost
every language but ours. lol I will look into Harry Klein’s OAuth 1.0
version to see how much it would take to convert. I have a time constraint
on this, so it may not be doable, I hope it might be easy and quick enough
to do.

I have read that OAuth 1.0 is not as secure as OAuth 2.0. Is this really
true, especially if we are passing information via SSL? What would truly
be the downside of using the OAuth 1.0 version of Harry Klein’s versus
using OAuth 2.0?

Thank you for any feedback.
Ryan Hinton

On Thursday, June 11, 2015 at 6:58:49 PM UTC-4, Jordan Michaels wrote:

A while back when looking at oauth implementations for a project I
invested in, I briefly considered writing a CFML port of Apache OLTU (
https://oltu.apache.org/) to create an OAuth2 server. However, if you
look deeply at OAuth 2, there’s really very very little in the way of
specifics when it comes to actually implementing an OAuth 2 API. (And it’s
not just me who says this). If you look at specific OAuth2 services
available out there, they’re all pretty unique in their implementations.
OAuth2 is less of a specification, and more of a lose set of guidelines
IMHO.

Even though Harry Klein’s OAuth library was designed for Oauth 1.0, the
guidelines for OAuth 2 are so loose I believe it’s possible to create an
OAuth 2 compatible server using it as well:
http://oauth.riaforge.org/

Some interesting drama with regards to the OAuth 2 specification:
http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/

For Oauth 2.0 clients, I found the Scribe project, written in Java, to be
pretty flexible:
https://github.com/fernandezpablo85/scribe-java/

Again, I considered porting it to CFML, but I found that Joel Hill had
already started to create a port, so I teamed up with him and fleshed out a
fully realized Twitter API using scribe:
https://github.com/JoelHill/cfScribe

That was pretty fun to play with for a bit. =) I intended to create
Facebook and Google API’s using scribe as well, but I ran out of time
playing with the Twitter API, so the Google and Facebook implementations
have been moved to the “some day” folder…

Anyway… hope this helps.

-Jordan

----- Original Message -----
From: “Ryan Hinton” <ry...@hintonco.com <javascript:>>
To: lu...@googlegroups.com <javascript:>
Sent: Thursday, June 11, 2015 3:23:46 PM
Subject: [Lucee] OAuth 2.0 Provider

Hello,

This is a general inquiry for CFML Developers. I figured I would ask here
since this is one of the only main groups I know for CFML Developers. My
apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side and
I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0 to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>.

To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/2b34bdd8-941c-47bb-b099-a086a540e14c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thank you for your feedback, Jordan.

It’s slightly upsetting to see so many providers in what looks like almost
every language but ours. lol I will look into Harry Klein’s OAuth 1.0
version to see how much it would take to convert. I have a time constraint
on this, so it may not be doable, I hope it might be easy and quick enough
to do.

I have read that OAuth 1.0 is not as secure as OAuth 2.0. Is this really
true, especially if we are passing information via SSL? What would truly
be the downside of using the OAuth 1.0 version of Harry Klein’s versus
using OAuth 2.0?

Thank you for any feedback.
Ryan HintonOn Thursday, June 11, 2015 at 6:58:49 PM UTC-4, Jordan Michaels wrote:

A while back when looking at oauth implementations for a project I
invested in, I briefly considered writing a CFML port of Apache OLTU (
https://oltu.apache.org/) to create an OAuth2 server. However, if you
look deeply at OAuth 2, there’s really very very little in the way of
specifics when it comes to actually implementing an OAuth 2 API. (And it’s
not just me who says this). If you look at specific OAuth2 services
available out there, they’re all pretty unique in their implementations.
OAuth2 is less of a specification, and more of a lose set of guidelines
IMHO.

Even though Harry Klein’s OAuth library was designed for Oauth 1.0, the
guidelines for OAuth 2 are so loose I believe it’s possible to create an
OAuth 2 compatible server using it as well:
http://oauth.riaforge.org/

Some interesting drama with regards to the OAuth 2 specification:
http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/

For Oauth 2.0 clients, I found the Scribe project, written in Java, to be
pretty flexible:
https://github.com/fernandezpablo85/scribe-java/

Again, I considered porting it to CFML, but I found that Joel Hill had
already started to create a port, so I teamed up with him and fleshed out a
fully realized Twitter API using scribe:
https://github.com/JoelHill/cfScribe

That was pretty fun to play with for a bit. =) I intended to create
Facebook and Google API’s using scribe as well, but I ran out of time
playing with the Twitter API, so the Google and Facebook implementations
have been moved to the “some day” folder…

Anyway… hope this helps.

-Jordan

----- Original Message -----
From: “Ryan Hinton” <ry...@hintonco.com <javascript:>>
To: lu...@googlegroups.com <javascript:>
Sent: Thursday, June 11, 2015 3:23:46 PM
Subject: [Lucee] OAuth 2.0 Provider

Hello,

This is a general inquiry for CFML Developers. I figured I would ask here
since this is one of the only main groups I know for CFML Developers. My
apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side and
I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0 to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>.

To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Hi Michael, we are currently implementing a Java version. We are looking
between OLTU and CXF, both by Apache.

Let’s hope for the best! :-)On Jun 13, 2015 2:11 AM, “Michael Offner” <@Michael_Offner> wrote:

My approach on this would be to adapt a Java solution and integrate that
in CFML, maybe as an gateway…

Micha

Am Freitag, 12. Juni 2015 schrieb Ryan Hinton :

Hello,

This is a general inquiry for CFML Developers. I figured I would ask
here since this is one of the only main groups I know for CFML Developers.
My apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side and I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0 to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to a topic in the
Google Groups “Lucee” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/lucee/6KN9Yz5tkTc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/CAG%2BEEBwaeAU_XzFYDonfnC_LS_OXW%3Dcnp_rgxwHEpmNt9pCTDA%40mail.gmail.com
https://groups.google.com/d/msgid/lucee/CAG%2BEEBwaeAU_XzFYDonfnC_LS_OXW%3Dcnp_rgxwHEpmNt9pCTDA%40mail.gmail.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

My approach on this would be to adapt a Java solution and integrate that in
CFML, maybe as an gateway…

MichaAm Freitag, 12. Juni 2015 schrieb Ryan Hinton :

Hello,

This is a general inquiry for CFML Developers. I figured I would ask here
since this is one of the only main groups I know for CFML Developers. My
apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side and I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0 to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee%2Bunsubscribe@googlegroups.com’);>.
To post to this group, send email to lucee@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee@googlegroups.com’);>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

will this be coming soon in lucee 4.x or 5.x??On Saturday, 13 June 2015 22:35:26 UTC+10, Ryan Hinton wrote:

Hi Michael, we are currently implementing a Java version. We are looking
between OLTU and CXF, both by Apache.

Let’s hope for the best! :slight_smile:
On Jun 13, 2015 2:11 AM, “Michael Offner” <mic...@lucee.org <javascript:>> wrote:

My approach on this would be to adapt a Java solution and integrate that
in CFML, maybe as an gateway…

Micha

Am Freitag, 12. Juni 2015 schrieb Ryan Hinton :

Hello,

This is a general inquiry for CFML Developers. I figured I would ask
here since this is one of the only main groups I know for CFML Developers.
My apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side and I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0 to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to a topic in the
Google Groups “Lucee” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/lucee/6KN9Yz5tkTc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/CAG%2BEEBwaeAU_XzFYDonfnC_LS_OXW%3Dcnp_rgxwHEpmNt9pCTDA%40mail.gmail.com
https://groups.google.com/d/msgid/lucee/CAG%2BEEBwaeAU_XzFYDonfnC_LS_OXW%3Dcnp_rgxwHEpmNt9pCTDA%40mail.gmail.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

I think you and Ryan are in the same position. See his note:

— Hi Michael, we are currently implementing a Java version. We are looking between OLTU and CXF, both by Apache.

That is for an oAuth 2.0 provider (server) which would generate its own auth tokens, so if you were running it, other applications could authenticate users through your service.> On Oct 19, 2015, at 6:36 AM, Stéphane MERLE <@Stephane_MERLE> wrote:

Hi,

I am setting up a lucee API and was looking for a OAUTH2.0 to securise the calls but find nowhere any tutoriel of library …
Reading this thread I still don’t get where to start from …

I am quite new to this Oauth things, and just need to “securise” calls to my app …

can you provide any help or at least point me to a simple way to use a JAVA tool ?

Thanks !!!

Stéphane

Le lundi 7 septembre 2015 07:13:21 UTC+2, Dawesi a écrit :
will this be coming soon in lucee 4.x or 5.x??

On Saturday, 13 June 2015 22:35:26 UTC+10, Ryan Hinton wrote:
Hi Michael, we are currently implementing a Java version. We are looking between OLTU and CXF, both by Apache.

Let’s hope for the best! :slight_smile:

On Jun 13, 2015 2:11 AM, “Michael Offner” <mic...@lucee.org <>> wrote:
My approach on this would be to adapt a Java solution and integrate that in CFML, maybe as an gateway…

Micha

Am Freitag, 12. Juni 2015 schrieb Ryan Hinton :
Hello,

This is a general inquiry for CFML Developers. I figured I would ask here since this is one of the only main groups I know for CFML Developers. My apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the OAuth 2.0 Provider side. However, I am either not looking in the right places on the internet or there simply not much out there for CFML developers to implement the OAuth 2.0 Provider portion. Everything I am finding related to OAuth 2.0 and CFML is designed for the Client side and I find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or references to lead me in the right direction for creating the OAuth 2.0 to implement as a Provider? Essentially, I need to create the OAuth server for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com <>.
To post to this group, send email to lucee@googlegroups.com <>.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout https://groups.google.com/d/optout.


You received this message because you are subscribed to a topic in the Google Groups “Lucee” group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/6KN9Yz5tkTc/unsubscribe https://groups.google.com/d/topic/lucee/6KN9Yz5tkTc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+un...@googlegroups.com <>.
To post to this group, send email to lu...@googlegroups.com <>.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAG%2BEEBwaeAU_XzFYDonfnC_LS_OXW%3Dcnp_rgxwHEpmNt9pCTDA%40mail.gmail.com https://groups.google.com/d/msgid/lucee/CAG%2BEEBwaeAU_XzFYDonfnC_LS_OXW%3Dcnp_rgxwHEpmNt9pCTDA%40mail.gmail.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout https://groups.google.com/d/optout.


See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/ http://www.cfcamp.org/

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com mailto:lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com mailto:lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/a908a3a3-64fc-48c0-83fd-c31a47519a37%40googlegroups.com https://groups.google.com/d/msgid/lucee/a908a3a3-64fc-48c0-83fd-c31a47519a37%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout https://groups.google.com/d/optout.

I think I did not explain correctly my objectif … I don’t whant to use
3rd party token but to provide my own tokens as a OAUTH service afterwhat
people will use those token in my lucee api …2015-10-19 18:06 GMT+02:00 Risto <@Risto>:

Well Ryan started this thread as a general CFML question not Lucee
specific,
so just use Coldfusion -
https://www.adobe.com/devnet/coldfusion/articles/social-integration.html


See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your
ticket NOW - http://www.cfcamp.org/

You received this message because you are subscribed to a topic in the
Google Groups “Lucee” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/lucee/6KN9Yz5tkTc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/d969d930-d8d8-4516-916f-3a3eb038f0c3%40googlegroups.com
https://groups.google.com/d/msgid/lucee/d969d930-d8d8-4516-916f-3a3eb038f0c3%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

Hi,

I am setting up a lucee API and was looking for a OAUTH2.0 to securise the
calls but find nowhere any tutoriel of library …
Reading this thread I still don’t get where to start from …

I am quite new to this Oauth things, and just need to “securise” calls to
my app …

can you provide any help or at least point me to a simple way to use a JAVA
tool ?

Thanks !!!

StéphaneLe lundi 7 septembre 2015 07:13:21 UTC+2, Dawesi a écrit :

will this be coming soon in lucee 4.x or 5.x??

On Saturday, 13 June 2015 22:35:26 UTC+10, Ryan Hinton wrote:

Hi Michael, we are currently implementing a Java version. We are looking
between OLTU and CXF, both by Apache.

Let’s hope for the best! :slight_smile:
On Jun 13, 2015 2:11 AM, “Michael Offner” mic...@lucee.org wrote:

My approach on this would be to adapt a Java solution and integrate that
in CFML, maybe as an gateway…

Micha

Am Freitag, 12. Juni 2015 schrieb Ryan Hinton :

Hello,

This is a general inquiry for CFML Developers. I figured I would ask
here since this is one of the only main groups I know for CFML Developers.
My apologies if this might be too off topic.

Lately, I have been reading about OAuth 2.0 in an effort to create the
OAuth 2.0 Provider side. However, I am either not looking in the right
places on the internet or there simply not much out there for CFML
developers to implement the OAuth 2.0 Provider portion. Everything I am
finding related to OAuth 2.0 and CFML is designed for the Client side and I
find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or
references to lead me in the right direction for creating the OAuth 2.0 to
implement as a Provider? Essentially, I need to create the OAuth server
for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5240e878-6298-4c72-b3d1-37ad686b0cf4%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to a topic in the
Google Groups “Lucee” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/lucee/6KN9Yz5tkTc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/CAG%2BEEBwaeAU_XzFYDonfnC_LS_OXW%3Dcnp_rgxwHEpmNt9pCTDA%40mail.gmail.com
https://groups.google.com/d/msgid/lucee/CAG%2BEEBwaeAU_XzFYDonfnC_LS_OXW%3Dcnp_rgxwHEpmNt9pCTDA%40mail.gmail.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Well Ryan started this thread as a general CFML question not Lucee specific,
so just use Coldfusion -
https://www.adobe.com/devnet/coldfusion/articles/social-integration.html

Hi Stephane,

please check my old project
http://oauth.riaforge.org/

It includes server and client components and samples, but is based on the Core 1.0 specification.
So you would have to update the library to OAuth 2.

-HarryVon: lucee@googlegroups.com [mailto:lucee@googlegroups.com] Im Auftrag von Stéphane MERLE
Gesendet: Montag, 19. Oktober 2015 18:56
An: lucee@googlegroups.com
Betreff: Re: [Lucee] OAuth 2.0 Provider

I think I did not explain correctly my objectif … I don’t whant to use 3rd party token but to provide my own tokens as a OAUTH service afterwhat people will use those token in my lucee api …

2015-10-19 18:06 GMT+02:00 Risto <@Ristomailto:Risto>:
Well Ryan started this thread as a general CFML question not Lucee specific,
so just use Coldfusion - https://www.adobe.com/devnet/coldfusion/articles/social-integration.html

See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/

You received this message because you are subscribed to a topic in the Google Groups “Lucee” group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/6KN9Yz5tkTc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+unsubscribe@googlegroups.commailto:lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.commailto:lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/d969d930-d8d8-4516-916f-3a3eb038f0c3%40googlegroups.comhttps://groups.google.com/d/msgid/lucee/d969d930-d8d8-4516-916f-3a3eb038f0c3%40googlegroups.com?utm_medium=email&utm_source=footer.

For more options, visit https://groups.google.com/d/optout.


See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.commailto:lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.commailto:lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CANG-r3qYe9TDjVsG8BF%3DizuPpqvV4HBqQ4dTqmgnwVj%3DA%3DyT7g%40mail.gmail.comhttps://groups.google.com/d/msgid/lucee/CANG-r3qYe9TDjVsG8BF%3DizuPpqvV4HBqQ4dTqmgnwVj%3DA%3DyT7g%40mail.gmail.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.