<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 10/29/2012 01:03 PM, Bruno Oliveira wrote:
<blockquote
cite="mid:C74DF3D3053E43E9A8E52F6614A009BC@abstractj.org"
type="cite">
<div> +1 for isAuthenticated, but I would rather to have it
renamed to isLoggedIn </div>
<div><br>
</div>
<div>-1 for getAuthToken - You're giving the benefit of the doubt
here, allowing people to do whatever they want with it, for
example: put it on local storage, save it in txt file (people
are strange :) ).</div>
<div><br>
</div>
<div>It should be "transparent" to our devs and just for the
record, token is specific to our domain in AeroGear.</div>
<div>
<div><br>
</div>
</div>
</blockquote>
Oh, well in that case forget everything I said in favor of
getAuthToken. I thought it was supposed to be more generic than
that. I'll hide it.<br>
<blockquote
cite="mid:C74DF3D3053E43E9A8E52F6614A009BC@abstractj.org"
type="cite">
<div>
<div><br>
</div>
<div>
<div>-- </div>
<div>"The measure of a man is what he does with power" - Plato</div>
<div>-</div>
<div>@abstractj</div>
<div>-</div>
<div>Volenti Nihil Difficile</div>
</div>
</div>
<p style="color: #A0A0A8;">On Monday, October 29, 2012 at 2:49 PM,
Matthias Wessendorf wrote:</p>
<blockquote type="cite"
style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span>
<div>
<div>
<div>On Mon, Oct 29, 2012 at 5:47 PM, <<a
moz-do-not-send="true"
href="mailto:supittma@redhat.com">supittma@redhat.com</a>>
wrote:</div>
<blockquote type="cite">
<div>
<div>On 10/29/2012 12:36 PM, Matthias Wessendorf
wrote:</div>
<blockquote type="cite">
<div>
<div><br>
</div>
<div>On Mon, Oct 29, 2012 at 5:24 PM,<<a
moz-do-not-send="true"
href="mailto:supittma@redhat.com">supittma@redhat.com</a>>
wrote:</div>
<blockquote type="cite">
<div>
<div><br>
</div>
<div><br>
</div>
<div>On 10/29/2012 11:30 AM, Matthias
Wessendorf wrote:</div>
<blockquote type="cite">
<div>
<div><br>
</div>
<div>* get_authToken and isAuthenticated
=> should they be really exposed</div>
<div>on the interface?</div>
<div>On iOS I am doing that in an
_internal_ class (see [1])</div>
</div>
</blockquote>
<div><br>
</div>
<div>I think it should be. The whole point of
the module is to</div>
<div>provide/fetch/manage that information.</div>
<div>I could see the argument for moving
authtoken out (either into a</div>
<div>typesafe class or making it private).
isAuthenticated is kinda</div>
<div>fundamental IMHO</div>
</div>
</blockquote>
<div><br>
</div>
<div>I am fine with exposing 'isAuthenticated()',
but the "getAuthToken"</div>
<div>should be really not made available on the
public API, IMO</div>
<div><br>
</div>
<div><br>
</div>
<div>-M</div>
</div>
</blockquote>
<div><br>
</div>
<div>It has to be exposed somewhere so that the Pipe
can apply the security to</div>
<div>its request.</div>
</div>
</blockquote>
<div><br>
</div>
<div>right - that's why I added some internal API for that</div>
<div><br>
</div>
<div>but an end-user should IMO not be able to directly
invoke "getToken()"</div>
<div><br>
</div>
<div>-M</div>
<div><br>
</div>
<div><br>
</div>
<blockquote type="cite">
<div>
<div>Alternatively, AuthModule can apply security to
the request but it will</div>
<div>require some refactoring to the Pipes API.</div>
<div><br>
</div>
<div><br>
</div>
<blockquote type="cite">
<blockquote type="cite">
<div>
<blockquote type="cite">
<div>
<div>* builder</div>
<div>is that close to what passos suggested
for pipe/pipeline ?</div>
</div>
</blockquote>
<div><br>
</div>
<div>Moving in that direction</div>
<blockquote type="cite">
<div>
<div><br>
</div>
<div>-M</div>
<div><br>
</div>
<div><br>
</div>
<div>[1]</div>
<div><a moz-do-not-send="true"
href="https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModuleAdapter.h">https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModuleAdapter.h</a></div>
<div><br>
</div>
<div><br>
</div>
<div>On Fri, Oct 26, 2012 at 6:12 PM,
Summers Pittman<<a
moz-do-not-send="true"
href="mailto:supittma@redhat.com">supittma@redhat.com</a>></div>
<div>wrote:</div>
<blockquote type="cite">
<div>
<div><br>
</div>
<div>My initial work is</div>
<div>here:<a moz-do-not-send="true"
href="https://github.com/aerogear/aerogear-android/tree/auth">https://github.com/aerogear/aerogear-android/tree/auth</a></div>
<div><br>
</div>
<div>Changes to existing classes/API:</div>
<div><br>
</div>
<div>HttpProvider now returns a class
called HeaderAndBodyMap. This is a</div>
<div>Map of</div>
<div>the headers along with a byte array
which was the body of the response.</div>
<div><br>
</div>
<div>HttpProvider will throw a
HttpException if it does not receive a
200</div>
<div>status</div>
<div><br>
</div>
<div>HttpException wraps some
information about the HTTP result.</div>
<div><br>
</div>
<div><br>
</div>
<div>Description of current Auth Classes
and Methods:</div>
<div><br>
</div>
<div>Interfaces:</div>
<div><br>
</div>
<div>Authenticator is a factory/lookup
class a la Pipeline.</div>
<div><br>
</div>
<div><br>
</div>
<div>AuthenticationModule is a module
that manages a authenticated users</div>
<div>credentials. Provides enroll,
login, logout, authToken, and</div>
<div>isAuthenticated.</div>
<div><br>
</div>
<div><br>
</div>
<div>Builder is an interface that can
instantiate an instance of</div>
<div>AuthenticationModule.</div>
<div><br>
</div>
<div><br>
</div>
<div>Classes:</div>
<div><br>
</div>
<div>DefaultAuthenticator implements
Authenticator</div>
<div><br>
</div>
<div><br>
</div>
<div>RestAuthenticationModule implements
AuthenticationModule only login is</div>
<div>implemented.</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Todo:</div>
<div><br>
</div>
<div>Implement the rest of the methods
in RestAuthenticationModule</div>
<div><br>
</div>
<div><br>
</div>
<div>Update Pipe implementations to use
the AuthenticationModules</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>_______________________________________________</div>
<div>aerogear-dev mailing list</div>
<div><a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a></div>
<div><a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div>
</div>
</blockquote>
</div>
</blockquote>
<div>_______________________________________________</div>
<div>aerogear-dev mailing list</div>
<div><a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a></div>
<div><a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div>
</div>
</blockquote>
</blockquote>
</div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>-- </div>
<div>Matthias Wessendorf</div>
<div><br>
</div>
<div>blog: <a moz-do-not-send="true"
href="http://matthiaswessendorf.wordpress.com">http://matthiaswessendorf.wordpress.com</a>/</div>
<div>sessions: <a moz-do-not-send="true"
href="http://www.slideshare.net/mwessendorf">http://www.slideshare.net/mwessendorf</a></div>
<div>twitter: <a moz-do-not-send="true"
href="http://twitter.com/mwessendorf">http://twitter.com/mwessendorf</a></div>
<div>_______________________________________________</div>
<div>aerogear-dev mailing list</div>
<div><a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a></div>
<div><a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div>
</div>
</div>
</span> </blockquote>
<div> <br>
</div>
</blockquote>
<br>
</body>
</html>