<div dir="ltr"><div>Hi,<br></div><div><br></div><div>we do have server side endpoints, for login/logout:</div><div><br></div><div>SPEC:</div><div><a href="http://aerogear.org/docs/specs/aerogear-rest-api/">http://aerogear.org/docs/specs/aerogear-rest-api/</a></div>
<div><br></div><div>TODO demo:</div><div><a href="https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162">https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162</a></div>
<div>(routes to <a href="https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java">https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java</a>)</div>
<div><br></div><div>One thing that I noticed, when talking w/ Christos about the HTTP BASIC support, is that currently the modules "just" set the credentials on "LOGIN",</div><div>and they perform a "clean-up", on the logout.</div>
<div><br></div><div>For both, login/logout, no request is send to the matching "endpoints" on the server-side</div><div><br></div><div><br></div><div>Android (logout):</div><div><a href="https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147">https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147</a></div>
<div><br></div><div>iOS (logout):</div><div><a href="https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139">https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139</a></div>
<div><br></div><div>Not sure, but ususally, a logout against the server also performs some sort of clean up. For instance in the TODO demo, it issues a logout against the IDM:</div><div><a href="https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113">https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113</a></div>
<div><br></div><div><br></div><div style>Greetings,</div><div style>Matthias</div><div style><br></div><div style><br></div><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>