<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 28, 2013 at 7:48 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Do you think is a good idea to put it at AG-Sec-Auth?<br>
<br>
Maybe specifying server and client bits?<br></blockquote><div><br></div><div style>Probably good idea.</div><div style><br></div><div style>Used AG-Sec-Auth, since it describes the server-side enpoints.</div><div style><br>
</div><div style>Some more generic client/server specs would be good. I think that goes into the direction you mentioned during the meeting, on Monday, right ?</div><div style><br></div><div style><br></div><div><br></div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
Matthias Wessendorf wrote:<br>
> TL;DR<br>
><br>
> <a href="https://issues.jboss.org/browse/AGSEC-60" target="_blank">https://issues.jboss.org/browse/AGSEC-60</a><br>
><br>
><br>
><br>
><br>
> On Fri, May 24, 2013 at 9:27 AM, Matthias Wessendorf <<a href="mailto:matzew@apache.org">matzew@apache.org</a><br>
</div><div><div class="h5">> <mailto:<a href="mailto:matzew@apache.org">matzew@apache.org</a>>> wrote:<br>
><br>
> Hi,<br>
><br>
> we do have server side endpoints, for login/logout:<br>
><br>
> SPEC:<br>
> <a href="http://aerogear.org/docs/specs/aerogear-rest-api/" target="_blank">http://aerogear.org/docs/specs/aerogear-rest-api/</a><br>
><br>
> TODO demo:<br>
> <a href="https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162" target="_blank">https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162</a><br>
> (routes to<br>
> <a href="https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java" target="_blank">https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java</a>)<br>
><br>
> One thing that I noticed, when talking w/ Christos about the HTTP<br>
> BASIC support, is that currently the modules "just" set the<br>
> credentials on "LOGIN",<br>
> and they perform a "clean-up", on the logout.<br>
><br>
> For both, login/logout, no request is send to the matching<br>
> "endpoints" on the server-side<br>
><br>
><br>
> Android (logout):<br>
> <a href="https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147" target="_blank">https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147</a><br>
><br>
> iOS (logout):<br>
> <a href="https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139" target="_blank">https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139</a><br>
><br>
> Not sure, but ususally, a logout against the server also performs<br>
> some sort of clean up. For instance in the TODO demo, it issues a<br>
> logout against the IDM:<br>
> <a href="https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113" target="_blank">https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113</a><br>
><br>
><br>
> Greetings,<br>
> Matthias<br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
</div></div>> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>