[aerogear-dev] Question on our AuthenticationModule

Corinne Krych corinnekrych at gmail.com
Tue Jun 4 04:18:07 EDT 2013


Hi

Indeed the login/logout not doing a actual login/logout feel weird.
Even worse on enroll which Basic/Digest implementation is throwing a
exception. Options could be:
- narrow common API - no enroll - rename more generic login/logout
- dont share a common API

Corinne


On 4 June 2013 09:48, Matthias Wessendorf <matzew at apache.org> wrote:

> Hi,
>
> perhaps this is more "AeroGear-Security VS HTTP Basic/Digest", but first
> some background informations:
>
> our different "AuthenticationModule" implementations, for Android, iOS and
> JavaScript, were created for the AeroGear-Security REST-APIs, which are
> described here:
> http://aerogear.org/docs/specs/aerogear-rest-api/
>
> Here are the three different client platform implementations:
>
> * Android:
>
> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/AuthenticationModule.java#L50-L74
>
> * iOS:
>
> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModule.h#L143-L179
>
> * JavaScript:
>
> https://github.com/aerogear/aerogear-js/blob/master/src/authentication/adapters/rest.js#L224-L436
>
> So, basically the interface(or the different implementations) covers the
> following functionality, described in the above spec:
> * enroll
> * login
> * logout
>
> So far so good.
>
>
> However, looking at the recent work for BASIC/DIGEST (e.g.
> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-iOS-Basic-Digest-Thoughts-td2847.html),
> I think it might be confusing that there is no real login call against the
> server, like in the above codee, for AG-Security
>
> Instead, the "login", is _only_ applying the credentials to that
> subsequent requests can read (a) protected URL(s). Similar to "logout":
> Only a _reset_ of the credentials is happening. No server endpoint is
> invoked.
> See also
> http://lists.jboss.org/pipermail/aerogear-dev/2013-May/002810.html
>
>
> Similar to the "enroll"; The iOS proposal throws an exception, similar to
> the Android version:
>
>
> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L164
>
>
> https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L93-L95
>
> To me, looks like none of the methods of the "AuthenticationModule
> interface" are properly used, or am I wrong?
>
>
> I think my question is: Does it really make sense to kinda try to add the
> BASIC/DIGEST support into the "AuthenticationModule interface"?? or, could
> there be something else ?
>
> Not sure, I guess since I am not sure, I am asking here :)
>
> Any feedback is appreciated!
>
> Thanks!
> Matthias
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130604/1dbe6249/attachment.html 


More information about the aerogear-dev mailing list