[aerogear-dev] Android Auth branch and API

Bruno Oliveira bruno at abstractj.org
Mon Oct 29 13:03:41 EDT 2012 

+1 for isAuthenticated, but I would rather to have it renamed to isLoggedIn 

-1 for getAuthToken - You're giving the benefit of the doubt here, allowing people to do whatever they want with it, for example: put it on local storage, save it in txt file (people are strange :) ).

It should be "transparent" to our devs and just for the record, token is specific to our domain in AeroGear. 


-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile



On Monday, October 29, 2012 at 2:49 PM, Matthias Wessendorf wrote:

> On Mon, Oct 29, 2012 at 5:47 PM, <supittma at redhat.com (mailto:supittma at redhat.com)> wrote:
> > On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
> > > 
> > > On Mon, Oct 29, 2012 at 5:24 PM,<supittma at redhat.com (mailto:supittma at redhat.com)> wrote:
> > > > 
> > > > 
> > > > On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
> > > > > 
> > > > > * get_authToken and isAuthenticated => should they be really exposed
> > > > > on the interface?
> > > > > On iOS I am doing that in an _internal_ class (see [1])
> > > > > 
> > > > 
> > > > 
> > > > I think it should be. The whole point of the module is to
> > > > provide/fetch/manage that information.
> > > > I could see the argument for moving authtoken out (either into a
> > > > typesafe class or making it private). isAuthenticated is kinda
> > > > fundamental IMHO
> > > > 
> > > 
> > > 
> > > I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
> > > should be really not made available on the public API, IMO
> > > 
> > > 
> > > -M
> > 
> > It has to be exposed somewhere so that the Pipe can apply the security to
> > its request.
> > 
> 
> 
> right - that's why I added some internal API for that
> 
> but an end-user should IMO not be able to directly invoke "getToken()"
> 
> -M
> 
> 
> > Alternatively, AuthModule can apply security to the request but it will
> > require some refactoring to the Pipes API.
> > 
> > 
> > > > > * builder
> > > > > is that close to what passos suggested for pipe/pipeline ?
> > > > > 
> > > > 
> > > > 
> > > > Moving in that direction
> > > > > 
> > > > > -M
> > > > > 
> > > > > 
> > > > > [1]
> > > > > https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModuleAdapter.h
> > > > > 
> > > > > 
> > > > > On Fri, Oct 26, 2012 at 6:12 PM, Summers Pittman<supittma at redhat.com (mailto:supittma at redhat.com)>
> > > > > wrote:
> > > > > > 
> > > > > > My initial work is
> > > > > > here:https://github.com/aerogear/aerogear-android/tree/auth
> > > > > > 
> > > > > > Changes to existing classes/API:
> > > > > > 
> > > > > > HttpProvider now returns a class called HeaderAndBodyMap. This is a
> > > > > > Map of
> > > > > > the headers along with a byte array which was the body of the response.
> > > > > > 
> > > > > > HttpProvider will throw a HttpException if it does not receive a 200
> > > > > > status
> > > > > > 
> > > > > > HttpException wraps some information about the HTTP result.
> > > > > > 
> > > > > > 
> > > > > > Description of current Auth Classes and Methods:
> > > > > > 
> > > > > > Interfaces:
> > > > > > 
> > > > > > Authenticator is a factory/lookup class a la Pipeline.
> > > > > > 
> > > > > > 
> > > > > > AuthenticationModule is a module that manages a authenticated users
> > > > > > credentials. Provides enroll, login, logout, authToken, and
> > > > > > isAuthenticated.
> > > > > > 
> > > > > > 
> > > > > > Builder is an interface that can instantiate an instance of
> > > > > > AuthenticationModule.
> > > > > > 
> > > > > > 
> > > > > > Classes:
> > > > > > 
> > > > > > DefaultAuthenticator implements Authenticator
> > > > > > 
> > > > > > 
> > > > > > RestAuthenticationModule implements AuthenticationModule only login is
> > > > > > implemented.
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Todo:
> > > > > > 
> > > > > > Implement the rest of the methods in RestAuthenticationModule
> > > > > > 
> > > > > > 
> > > > > > Update Pipe implementations to use the AuthenticationModules
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > _______________________________________________
> > > > > > aerogear-dev mailing list
> > > > > > aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
> > > > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > > > > > 
> > > > > 
> > > > > 
> > > > 
> > > > _______________________________________________
> > > > aerogear-dev mailing list
> > > > aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
> > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > > > 
> > > 
> > 
> > 
> 
> 
> 
> 
> -- 
> Matthias Wessendorf
> 
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121029/32aa730d/attachment.html

More information about the aerogear-dev mailing list