[aerogear-dev] Android Auth branch and API
supittma at redhat.com
supittma at redhat.com
Mon Oct 29 13:07:13 EDT 2012
On 10/29/2012 01:03 PM, Bruno Oliveira wrote:
> +1 for isAuthenticated, but I would rather to have it renamed to
> isLoggedIn
>
> -1 for getAuthToken - You're giving the benefit of the doubt here,
> allowing people to do whatever they want with it, for example: put it
> on local storage, save it in txt file (people are strange :) ).
>
> It should be "transparent" to our devs and just for the record, token
> is specific to our domain in AeroGear.
>
Oh, well in that case forget everything I said in favor of
getAuthToken. I thought it was supposed to be more generic than that.
I'll hide it.
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Monday, October 29, 2012 at 2:49 PM, Matthias Wessendorf wrote:
>
>> On Mon, Oct 29, 2012 at 5:47 PM, <supittma at redhat.com
>> <mailto:supittma at redhat.com>> wrote:
>>> On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
>>>>
>>>> On Mon, Oct 29, 2012 at 5:24 PM,<supittma at redhat.com
>>>> <mailto:supittma at redhat.com>> wrote:
>>>>>
>>>>>
>>>>> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>>>>>>
>>>>>> * get_authToken and isAuthenticated => should they be really exposed
>>>>>> on the interface?
>>>>>> On iOS I am doing that in an _internal_ class (see [1])
>>>>>
>>>>> I think it should be. The whole point of the module is to
>>>>> provide/fetch/manage that information.
>>>>> I could see the argument for moving authtoken out (either into a
>>>>> typesafe class or making it private). isAuthenticated is kinda
>>>>> fundamental IMHO
>>>>
>>>> I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
>>>> should be really not made available on the public API, IMO
>>>>
>>>>
>>>> -M
>>>
>>> It has to be exposed somewhere so that the Pipe can apply the
>>> security to
>>> its request.
>>
>> right - that's why I added some internal API for that
>>
>> but an end-user should IMO not be able to directly invoke "getToken()"
>>
>> -M
>>
>>
>>> Alternatively, AuthModule can apply security to the request but it will
>>> require some refactoring to the Pipes API.
>>>
>>>
>>>>>> * builder
>>>>>> is that close to what passos suggested for pipe/pipeline ?
>>>>>
>>>>> Moving in that direction
>>>>>>
>>>>>> -M
>>>>>>
>>>>>>
>>>>>> [1]
>>>>>> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModuleAdapter.h
>>>>>>
>>>>>>
>>>>>> On Fri, Oct 26, 2012 at 6:12 PM, Summers
>>>>>> Pittman<supittma at redhat.com <mailto:supittma at redhat.com>>
>>>>>> wrote:
>>>>>>>
>>>>>>> My initial work is
>>>>>>> here:https://github.com/aerogear/aerogear-android/tree/auth
>>>>>>>
>>>>>>> Changes to existing classes/API:
>>>>>>>
>>>>>>> HttpProvider now returns a class called HeaderAndBodyMap. This is a
>>>>>>> Map of
>>>>>>> the headers along with a byte array which was the body of the
>>>>>>> response.
>>>>>>>
>>>>>>> HttpProvider will throw a HttpException if it does not receive a 200
>>>>>>> status
>>>>>>>
>>>>>>> HttpException wraps some information about the HTTP result.
>>>>>>>
>>>>>>>
>>>>>>> Description of current Auth Classes and Methods:
>>>>>>>
>>>>>>> Interfaces:
>>>>>>>
>>>>>>> Authenticator is a factory/lookup class a la Pipeline.
>>>>>>>
>>>>>>>
>>>>>>> AuthenticationModule is a module that manages a authenticated users
>>>>>>> credentials. Provides enroll, login, logout, authToken, and
>>>>>>> isAuthenticated.
>>>>>>>
>>>>>>>
>>>>>>> Builder is an interface that can instantiate an instance of
>>>>>>> AuthenticationModule.
>>>>>>>
>>>>>>>
>>>>>>> Classes:
>>>>>>>
>>>>>>> DefaultAuthenticator implements Authenticator
>>>>>>>
>>>>>>>
>>>>>>> RestAuthenticationModule implements AuthenticationModule only
>>>>>>> login is
>>>>>>> implemented.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Todo:
>>>>>>>
>>>>>>> Implement the rest of the methods in RestAuthenticationModule
>>>>>>>
>>>>>>>
>>>>>>> Update Pipe implementations to use the AuthenticationModules
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> aerogear-dev mailing list
>>>>>>> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121029/ed1ee5e9/attachment-0001.html
More information about the aerogear-dev
mailing list