[aerogear-dev] Android Auth branch and API

[Kris Borchers]

On Oct 29, 2012, at 11:47 AM, supittma at redhat.com wrote:

> On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
>> On Mon, Oct 29, 2012 at 5:24 PM,<supittma at redhat.com>  wrote:
>>> 
>>> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>>>> * get_authToken and isAuthenticated =>   should they be really exposed
>>>> on the interface?
>>>> On iOS I am doing that in an _internal_ class (see [1])
>>> I think it should be.  The whole point of the module is to
>>> provide/fetch/manage that information.
>>> I could see the argument for moving authtoken out (either into a
>>> typesafe class or making it private).  isAuthenticated is kinda
>>> fundamental IMHO
>> I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
>> should be really not made available on the public API, IMO
>> 
>> 
>> -M
> It has to be exposed somewhere so that the Pipe can apply the security 
> to its request.
> Alternatively, AuthModule can apply security to the request but it will 
> require some refactoring to the Pipes API.
This might be where JS is a little different and Matthias and I have had some brief discussions about this. JS passes a reference to the auth module into the pipe when created. Then, if necessary, the pipe can call the auth module's isAuthenticated method to determine whether or not it should include a token in the header or what ever that auth module/pipe combo requires. So technically, isAuthenticated is not "private" in JS but is what is known as privileged which means it's publicly accessible but has access to private vars and methods. The method itself though can not be modified thus adding a layer of protection. Thinking on it, I probably need a private method for isAuthenticated to call to add more protection but that's the idea.

> 
>>>> * builder
>>>> is that close to what passos suggested for pipe/pipeline ?
>>> Moving in that direction
>>>> -M
>>>> 
>>>> 
>>>> [1] https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModuleAdapter.h
>>>> 
>>>> 
>>>> On Fri, Oct 26, 2012 at 6:12 PM, Summers Pittman<supittma at redhat.com>   wrote:
>>>>> My initial work is
>>>>> here:https://github.com/aerogear/aerogear-android/tree/auth
>>>>> 
>>>>> Changes to existing classes/API:
>>>>> 
>>>>> HttpProvider now returns a class called HeaderAndBodyMap.  This is a Map of
>>>>> the headers along with a byte array which was the body of the response.
>>>>> 
>>>>> HttpProvider will throw a HttpException if it does not receive a 200 status
>>>>> 
>>>>> HttpException wraps some information about the HTTP result.
>>>>> 
>>>>> 
>>>>> Description of current Auth Classes and Methods:
>>>>> 
>>>>> Interfaces:
>>>>> 
>>>>> Authenticator is a factory/lookup class a la Pipeline.
>>>>> 
>>>>> 
>>>>> AuthenticationModule is a module that manages a authenticated users
>>>>> credentials.  Provides enroll, login, logout, authToken, and
>>>>> isAuthenticated.
>>>>> 
>>>>> 
>>>>> Builder is an interface that can instantiate an instance of
>>>>> AuthenticationModule.
>>>>> 
>>>>> 
>>>>> Classes:
>>>>> 
>>>>> DefaultAuthenticator implements Authenticator
>>>>> 
>>>>> 
>>>>> RestAuthenticationModule implements AuthenticationModule  only login is
>>>>> implemented.
>>>>> 
>>>>> 
>>>>> 
>>>>> Todo:
>>>>> 
>>>>> Implement the rest of the methods in RestAuthenticationModule
>>>>> 
>>>>> 
>>>>> Update Pipe implementations to use the AuthenticationModules
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> 
>>>> 
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> 
>> 
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev