Skip to main content

Posts

Showing posts from September, 2014

OAuth-erize The Nation! With OpenIG 3.0

OpenIG 3.0 was released a couple of weeks ago, with some significant enhancements.  One of which was the ability to protect applications through the use OAuth2 access tokens, with very little effort.

OAuth2 has been around for a while, and provides a lightweight and developer friendly way to leverage authorization services for web and native applications.  To utilise the features of OAuth2 such as access token validation, refresh token to access token exchange and then scope querying by the client application, generally requires code changes within both the client app and resource servers.  This isn't necessarily a bad thing nor particularly complex, but in some circumstances,  you may not have access to the underlying code, or perhaps the app is hosted by a 3rd party.

OpenIG, as it's a reverse proxy, can easily sit in between the user community and the underlying target application.  With a simple edit of a JSON file, OpenIG can be setup to act as both the resource server and c…