<div dir="ltr">This will also put Basic/Digest authentication out of reach for the Cordova apps as well right?<div>Can anything be done for Cordova apps? I can see wrapping iOS/Android implementations as Cordova plugins as one solution but something pure JS may feel better.</div>
<div>--</div><div>Gorkem<br><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr">--<br>Gorkem<br></div></div>
<br><br><div class="gmail_quote">On Wed, May 22, 2013 at 11:52 AM, Kris Borchers <span dir="ltr"><<a href="mailto:kris@redhat.com" target="_blank">kris@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word"><br><div><div class="im"><div>On May 22, 2013, at 10:39 AM, Christos Vasilakis <<a href="mailto:cvasilak@gmail.com" target="_blank">cvasilak@gmail.com</a>> wrote:</div><br><blockquote type="cite">
<div style="word-wrap:break-word"><br><div><div>On May 22, 2013, at 5:43 PM, Summers Pittman <<a href="mailto:supittma@redhat.com" target="_blank">supittma@redhat.com</a>> wrote:</div><br><blockquote type="cite"><div text="#000000" bgcolor="#FFFFFF">
<div>On 05/22/2013 10:12 AM, Kris Borchers wrote:<br></div><blockquote type="cite">OK, so I am going to try to spell out the workflow as I see it working in JS. I would appreciate any feedback on whether or not this is crazy/wrong.<div>
<br></div><div><ol><li>Create Basic or Digest authenticator</li><ol><li>Must include a callback to be fired when a request to auth is received from server</li></ol><li>Create pipe which uses this authenticator</li><li>Attempt read, save or remove on this pipe</li>
<li>Endpoint returns 401 with header indicating type of auth required</li><ol><li>Need to research that this won't trigger the browser's native Basic/Digest auth handling</li></ol><li>Fire user supplied auth callback passing it a reference to a "login" method that the user will pass the credentials collected in the auth callback</li>
<li>Use "login" method to construct appropriate response to server's 401</li><ol><li>This is the fun part :-P</li></ol></ol></div></blockquote>In the Android version, login is called by the developer, not by the framework. This "primes" the authenticator which then provides whatever tokens/headers/parameters/etc that the pipe will need to authenticate the request.<br>
<br></div></blockquote><div><br></div><div>same with iOS with an HttpBasic/Digest authentication module. Upon 'login', credentials are 'cached' using a build-in system provided object (no http request). When a request is made which requires authentication, the system checks first to see if credentials exists in its store(which we cached earlier with 'login') and if found it authenticates the session. Similar, when 'logout' is called, we remove the cached credentials from the system.</div>
</div></div></blockquote><div><br></div></div>This brings up a good point. If the browser doesn't do the caching for us in JS then I am not sure we can pursue this. I do not feel comfortable doing any sort of credential caching in JS as that is just asking for trouble.<div>
<div class="h5"><br><blockquote type="cite"><div style="word-wrap:break-word"><div><div><br></div><div>for this particular context, the authentication module mechanism we have, fitted nicely in filling the credential information to the system store, which uses them for authentication (and hopefully enough </div>
<div><br></div><div><br></div><div>Thanks</div><div>Christos</div><div><br></div><div><br></div><br><blockquote type="cite"><div text="#000000" bgcolor="#FFFFFF">This may have to be changed in the future to support multiple login flows.<br>
<blockquote type="cite"><div><ol><li>Server responds to auth attempt</li><ol><li>Success - continue to process original read, write or remove</li><li>Error - trigger a user supplied auth failure callback</li></ol></ol><div>
<br></div><div>Thanks!</div><div><br></div><div><div>On May 22, 2013, at 8:44 AM, Summers Pittman <<a href="mailto:supittma@redhat.com" target="_blank">supittma@redhat.com</a>> wrote:</div><br><blockquote type="cite">
On 05/21/2013 08:22 AM, Kris Borchers wrote:<br><blockquote type="cite">So, having seem the plans around Basic and Digest auth for Android and iOS, I am wondering if there is any need for that on JS. Typically that is handled by the browser and them the server maintains the session so I would lean toward not needing anything specific in JS for these types of auth. Input welcome.<br>
</blockquote>It may be useful is someone tries to embed it in a Node container or <br>write a Windows 8 app, Gnome 3 extension, etc.<br><blockquote type="cite"><br>Kris<br>_______________________________________________<br>
aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote><br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote></div><br></div><br><fieldset></fieldset><br><pre>_______________________________________________
aerogear-dev mailing list
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre></blockquote><br></div>_______________________________________________<br>aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote>
</div><div><br></div></div>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote>
</div></div></div><br></div><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div>