[aerogear-dev] Android Auth branch and API
supittma at redhat.com
supittma at redhat.com
Mon Oct 29 12:56:19 EDT 2012
On 10/29/2012 12:49 PM, Matthias Wessendorf wrote:
> On Mon, Oct 29, 2012 at 5:47 PM,<supittma at redhat.com> wrote:
>> On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
>>> On Mon, Oct 29, 2012 at 5:24 PM,<supittma at redhat.com> wrote:
>>>>
>>>> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>>>>> * get_authToken and isAuthenticated => should they be really exposed
>>>>> on the interface?
>>>>> On iOS I am doing that in an _internal_ class (see [1])
>>>> I think it should be. The whole point of the module is to
>>>> provide/fetch/manage that information.
>>>> I could see the argument for moving authtoken out (either into a
>>>> typesafe class or making it private). isAuthenticated is kinda
>>>> fundamental IMHO
>>> I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
>>> should be really not made available on the public API, IMO
>>>
>>>
>>> -M
>> It has to be exposed somewhere so that the Pipe can apply the security to
>> its request.
> right - that's why I added some internal API for that
>
> but an end-user should IMO not be able to directly invoke "getToken()"
>
> -M
The best argument I can think of against adding it in is that some
authentication strategies may not use simple tokens or not use tokens at
all which makes the method problematic.
Do you have something else in mind?
As far as adding it goes it makes testing/querying/interrogating the
connection easier. The API only exposes it as read only so the user
knows not to try and bust it. (And good api design will have tokens be
either immutable or defensively copy)
>
>
>> Alternatively, AuthModule can apply security to the request but it will
>> require some refactoring to the Pipes API.
>>
>>
>>>>> * builder
>>>>> is that close to what passos suggested for pipe/pipeline ?
>>>> Moving in that direction
>>>>> -M
>>>>>
>>>>>
>>>>> [1]
>>>>> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModuleAdapter.h
>>>>>
>>>>>
>>>>> On Fri, Oct 26, 2012 at 6:12 PM, Summers Pittman<supittma at redhat.com>
>>>>> wrote:
>>>>>> My initial work is
>>>>>> here:https://github.com/aerogear/aerogear-android/tree/auth
>>>>>>
>>>>>> Changes to existing classes/API:
>>>>>>
>>>>>> HttpProvider now returns a class called HeaderAndBodyMap. This is a
>>>>>> Map of
>>>>>> the headers along with a byte array which was the body of the response.
>>>>>>
>>>>>> HttpProvider will throw a HttpException if it does not receive a 200
>>>>>> status
>>>>>>
>>>>>> HttpException wraps some information about the HTTP result.
>>>>>>
>>>>>>
>>>>>> Description of current Auth Classes and Methods:
>>>>>>
>>>>>> Interfaces:
>>>>>>
>>>>>> Authenticator is a factory/lookup class a la Pipeline.
>>>>>>
>>>>>>
>>>>>> AuthenticationModule is a module that manages a authenticated users
>>>>>> credentials. Provides enroll, login, logout, authToken, and
>>>>>> isAuthenticated.
>>>>>>
>>>>>>
>>>>>> Builder is an interface that can instantiate an instance of
>>>>>> AuthenticationModule.
>>>>>>
>>>>>>
>>>>>> Classes:
>>>>>>
>>>>>> DefaultAuthenticator implements Authenticator
>>>>>>
>>>>>>
>>>>>> RestAuthenticationModule implements AuthenticationModule only login is
>>>>>> implemented.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Todo:
>>>>>>
>>>>>> Implement the rest of the methods in RestAuthenticationModule
>>>>>>
>>>>>>
>>>>>> Update Pipe implementations to use the AuthenticationModules
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> aerogear-dev mailing list
>>>>>> aerogear-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>
>
More information about the aerogear-dev
mailing list