Open jricher opened 10 years ago
hjander
commented
9 years ago I am right now in the process of evaluating IDM solutions in the java space. I found this project and jboss-keycloak. Though keycloak has more features, i liked your project more because it seemed more modular and more spring-centric.
It would be very nice if you could provide any hints why you are exploring alternatives to SECOAUTH and maybe also what are the plans for the projects future.
jricher
commented
9 years ago It's simple really: when we first started, we wanted an OAuth library that handled a lot of the heavy lifting so that we could concentrate on the additional pieces that OpenID Connect required, and SECOAUTH was great for that. As time went on, we ended up substituting our own code for more and more of it, such that we're really only using a small part of SECOAUTH. There are a few things we can't really implement due to limitations in SECOAUTH's architecture, and changes that they've made have broken our code a few times already or caused us to write workarounds. So in the end, it's just seeming likely that things will be cleaner if we simply just pull out that last bit that we're still using. However, we need to do the actual exercise of refactoring and replacing those components, which is what this issue is here to track. There have been a couple starts and stops on it, but nothing that we've been comfortable enough with to fold back into the main branch yet.
At this stage of development, we should see if SECOAUTH is still an appropriate library to build on top of.