[aerogear-dev] Question on our AuthenticationModule

Matthias Wessendorf matzew at apache.org
Tue Jun 4 03:48:20 EDT 2013


Hi,

perhaps this is more "AeroGear-Security VS HTTP Basic/Digest", but first
some background information:

our different "AuthenticationModule" implementations, for Android, iOS and
JavaScript, were created for the AeroGear-Security REST-APIs, which are
described here:
http://aerogear.org/docs/specs/aerogear-rest-api/

Here are the three different client platform implementations:

* Android:
https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/AuthenticationModule.java#L50-L74

* iOS:
https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModule.h#L143-L179

* JavaScript:
https://github.com/aerogear/aerogear-js/blob/master/src/authentication/adapters/rest.js#L224-L436

So, basically the interface (or the different implementations) covers the
following functionality, described in the above spec:
* enroll
* login
* logout

So far so good.


However, looking at the recent work for BASIC/DIGEST (e.g.
http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-iOS-Basic-Digest-Thoughts-td2847.html),
I think it might be confusing that there is no real login call against the
server, like in the above code, for AG-Security.

Instead, the "login" is _only_ applying the credentials so that subsequent
requests can read (a) protected URL(s). Similar to "logout": Only a _reset_
of the credentials is happening. No server endpoint is invoked.
See also http://lists.jboss.org/pipermail/aerogear-dev/2013-May/002810.html


Similar to the "enroll": the iOS proposal throws an exception, similar to
the Android version:

https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L164

https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L93-L95

To me, it looks like none of the methods of the "AuthenticationModule
interface" are properly used, or am I wrong?


I think my question is: Does it really make sense to kinda try to add the
BASIC/DIGEST support into the "AuthenticationModule interface"? Or could
there be something else?

Not sure, I guess since I am not sure, I am asking here :)

Any feedback is appreciated!

Thanks!
Matthias

-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
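
Added example, not part of the original message and not AeroGear code: a sketch of the HTTP Basic behaviour described above, where "login" and "logout" never reach the server and a wrong password only surfaces as a 401 on the first protected request. The class, the method names other than enroll/login/logout, the stand-in server function and the credentials are all hypothetical and constructed for illustration.

```javascript
// Constructed stand-in for a server exposing one protected resource.
const VALID = "Basic " + Buffer.from("john:s3cret").toString("base64");
function protectedEndpoint(headers) {
  return headers.Authorization === VALID ? 200 : 401;
}

// Hypothetical module shaped like the enroll/login/logout interface.
class HttpBasicModule {
  constructor() { this.credentials = null; }

  // No server call: the credentials are only remembered for later requests.
  login(username, password) {
    this.credentials = { username, password };
    return true; // cannot fail here, nothing has been verified yet
  }

  // No server call: only resets the locally stored credentials.
  logout() { this.credentials = null; }

  // HTTP Basic defines no registration step.
  enroll() { throw new Error("enroll is not supported for HTTP Basic"); }

  // Headers attached to every subsequent request.
  authHeaders() {
    if (!this.credentials) return {};
    const { username, password } = this.credentials;
    const token = Buffer.from(`${username}:${password}`).toString("base64");
    return { Authorization: `Basic ${token}` };
  }
}

function demo() {
  const auth = new HttpBasicModule();
  const results = {};
  results.wrongLogin = auth.login("john", "wrong");             // "succeeds" locally
  results.wrongRequest = protectedEndpoint(auth.authHeaders()); // rejected only here
  auth.login("john", "s3cret");
  results.goodRequest = protectedEndpoint(auth.authHeaders());
  auth.logout();                                                // purely client-side
  results.afterLogout = protectedEndpoint(auth.authHeaders());
  return results;
}

console.log(demo());
```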