8 Replies Latest reply on Mar 20, 2012 11:10 PM by zeeman

    Seam security and Seam Social

    zeeman Novice

      Hi all,


      Seam security has support for few openId providers (Google and yahoo). Seam social supports Twitter, Linked, and Facebook.


      Are the two modules integrated? Meaning if I use Seam security identity.isloggedIn after I logged in from a facebook account (using Seam Social), would it return true?


      When would Seam Social have the next release? There is no documentation/examples on how to use it.


      Thanks!

        • 1. Re: Seam security and Seam Social
          Antoine Sabot-Durand Newbie

          Hi Zee,


          Right now both module are not connected, but we are planning to do it for Seam 3.1 release (this autumn).


          Regarding Seam Social documentation, I'm working on it right now and you should get something more substantial for the coming beta (in a few weeks). Meanwhile I'm affraid you only have the readme file on github and myself on the forum ;-). Anyway thank you for your interest on Seam Social


          Antoine Sabot-Durand


          Seam Social tech lead

          • 2. Re: Seam security and Seam Social
            Werner Keil Newbie

            Hi Zee/Antoine,

             

            Allow me to add my 2 (Danish) Krona for now, too.

            Antoine and I proposed Java Social and a related JSR 357 a few weeks ago with JCP.org. If accepted, some of the next Generation Seam Social (4?) is likely to be part of its Reference Implementation.

            JCP also has a separate standard proposal just for Identity, JSR 351, so some of the Security and OpenID stuff you may see there, too.

             

            Werner Keil

            Java Social Co-Spec Lead

            • 3. Re: Seam security and Seam Social
              Antoine Sabot-Durand Newbie

              To answer the first question. Now both framework work together and Seam Security use Seam Social to allow OAuth authentication. Check examples in 3.2.0 snapshot version of Seam Security.

              • 4. Re: Seam security and Seam Social
                zeeman Novice

                Thanks for the update guys. I could not use Seam Social because it hides away some details that I need. I had to use Scribe library directly and created my own Oauth authenticator that works with Seam security. I have 2 authenticators (DB and Oauth).

                 

                I needed specific attributes from Oauth providers (yahoo, Facebook, Windows Live, Google), Seam Social was providing some of the info needed but not all like date of birth, email. Also, With some providers there are ways to save on an extra http request where the ID is needed (yahoo). Seam Social does not implement that.

                 

                Seam Social is a good start, modular and easy to configure. But it does not seem to cover all needed features for an enterprise project.

                 

                I have not read JSR 357 spec, but keep in mind, some users will want simple APIs for simple uses cases, other users will need pretty much garnualr APIs to control what data to receive from providers.

                 

                Last but no least, keep in mind on how to test things. It was hard to test with Seam Social, I wrote a standalone program to test during development; All providers provide a one time token that can be used manually with apps (what gets used on mobile apps). So hopefully that will be covered in the spec.

                • 5. Re: Seam security and Seam Social
                  Antoine Sabot-Durand Newbie

                  Hi Zeeman,

                   

                  Do you mind to tell me what limitations you encountered in Seam Social to decide not using it ?

                  And more generally what features do you expect from a framework like Seam Social for Enterprise development. Your feed back will be helpfull for JSR 357 too.

                   

                   

                  Thanks

                  • 6. Re: Seam security and Seam Social
                    zeeman Novice

                    Hi Antoine,

                     

                    Mainly I needed access to fields returned from providers that were not exposed by Seam Social. Another issue was development, it was not possible to test code. Finally, I needed more providers support that were not offered by Seam Social (google, yahoo, and MS Live).

                    One API that works with all providers, it's tricky because each provider returns different fields and name them differently. I had to implement all of that myself.

                    • 7. Re: Seam security and Seam Social
                      Werner Keil Newbie

                      Hi Zeeman,

                       

                      Thanks a lot for the input. The multi-vendor support is what many APIs out there, including Seam or Spring Social struggle with. Spring tends to support a lot if there's demand, but I don't recall having seen either Yahoo or MS Live support when I last checked there either

                       

                      To some extent that heavy fragmentation of the industry is what made some big industrial JCP EC Members like IBM, SAP, HP and others vote our JSR 357 initiative down this time

                      Would you be able to contribute special connectors not provided out of the box by either Seam Social or other frameworks in some Open Source community, or is your code closed and not suitable for that kind of contribution?

                       

                      We are looking at the best alternatives to JCP at least until Java and JCP is ready for this again. If you are interested to contribute, Java Social and the next generation of Seam Social (either under that name or a slightly different one, depends on people and companies involved) would be more than happy about such support.

                       

                      Werner

                      • 8. Re: Seam security and Seam Social
                        zeeman Novice

                        My code is closed but I'm in control of it. I can contribue social parts. However, my code was written to worky closely for what's needed in my project (MS, yahoo, FB, and Google).

                         

                        I have an external authenticator that works based on what the user clicks in the UI (FB, Google, etc...). I have a map with a standarized set of enums as keys used in my project for my needed fields, authenticator fills this map based on selected provider.

                        Scribe library makes things easy and provides access to raw response from providers to allow fine grained control.

                         

                        Whenever you have the project ready, let me know and I can push my code.