<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, May 29, 2013 at 12:18 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi, sorry for my n00bish. I like the idea of libraries to make<br>
developer's life easier, I just have few questions.<br>
<br>
Is possible to have both into AGAuthenticationModuleAdapter?<br>
NSURLCredential for developers pretty familiar with it (and wants full<br>
control) and HTTPBasicDigestAuthenticationModule for developer who want<br>
to keep it simple?<br></blockquote><div><br></div><div>Interesting point. Let me think about it</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Another question? Why not HTTPAuthenticationModule? With the addition of<br>
more auth schemes you will end with something like<br>
HTTPBasicDigestHawkPersonaOAuth2AuthenticationModule.<br></blockquote><div><br></div><div><br></div><div>oh, right :) yeah, let's name it AG<span style="font-family:arial,sans-serif;font-size:13px">HTTPAuthenticationModule.h/m. Good point</span></div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><br>
<br>
<br>
Corinne Krych wrote:<br>
> Thanks for the clarification.<br>
> I think I didn't get it.<br>
> Indeed it should be well documented as you would expect a login action<br>
> (ie doing an actual login on endpoint) when sending a login message.<br>
> saveLoginCredentials would be the correct message but I guess we rather<br>
> stick to AGAuthenticationModuleAdapter protocol.<br>
><br>
> +1<br>
> Corinne<br>
><br>
><br>
> On 29 May 2013 11:13, Matthias Wessendorf <<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a><br>
</div><div>> <mailto:<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>>> wrote:<br>
><br>
><br>
><br>
><br>
> On Wed, May 29, 2013 at 10:20 AM, Christos Vasilakis<br>
</div><div>> <<a href="mailto:cvasilak@gmail.com" target="_blank">cvasilak@gmail.com</a> <mailto:<a href="mailto:cvasilak@gmail.com" target="_blank">cvasilak@gmail.com</a>>> wrote:<br>
><br>
> Hi,<br>
><br>
> iOS platform provides built-in implementations for<br>
> authenticating against HTTP endpoints that support Basic /<br>
> Digest authentication (among others). The workflow when iOS<br>
> tries to authenticate against those endpoints is basically:<br>
><br>
> a) A credential storage singleton object<br>
</div>> <<a href="https://developer.apple.com/library/mac/#documentation/Cocoa/Reference/Foundation/Classes/NSURLCredentialStorage_Class/Reference/Reference.html" target="_blank">https://developer.apple.com/library/mac/#documentation/Cocoa/Reference/Foundation/Classes/NSURLCredentialStorage_Class/Reference/Reference.html</a>> provided<br>
<div>> by the system is consulted for authentication credentials. If<br>
> credentials are found, the system proceeds with authentication.<br>
> Understandably for this to work, the developer has to initially<br>
> push the credentials to the system object (and remove when done).<br>
><br>
> b) If credentials are NOT found, the system tries to call the<br>
> delegate method e.g.<br>
> 'connection:didReceiveAuthenticationChallenge<br>
</div>> <<a href="http://developer.apple.com/library/mac/documentation/Foundation/Reference/NSURLConnectionDelegate_Protocol/Reference/Reference.html#//apple_ref/occ/intfm/NSURLConnectionDelegate/connection:didReceiveAuthenticationChallenge" target="_blank">http://developer.apple.com/library/mac/documentation/Foundation/Reference/NSURLConnectionDelegate_Protocol/Reference/Reference.html#//apple_ref/occ/intfm/NSURLConnectionDelegate/connection:didReceiveAuthenticationChallenge</a>:>',<br>
<div>> giving a chance for the user to provide the credentials, by<br>
> calling the appropriate methods on the authentication challenge<br>
> object passed in.<br>
><br>
> AeroGear library, currently has a notion of pluggable<br>
> authentication modules providing an interface for clients to<br>
> implement 'login', and 'logout' methods, depending on the<br>
> authentication scenarios that they try to support. This fits<br>
> nicely with singleton credential storage approach, in the sense<br>
> when doing 'login' and 'logout', we simply edit the credential<br>
> storage adding or removing credentials appropriately. A branch<br>
> for this work can be found here<br>
</div>> <<a href="https://github.com/cvasilak/aerogear-ios/tree/basic.digest.auth" target="_blank">https://github.com/cvasilak/aerogear-ios/tree/basic.digest.auth</a>>.<br>
<div>> For usage, have a look at our integration test<br>
</div>> <<a href="https://github.com/cvasilak/aerogear-ios-integration/blob/basic.digest.auth/AeroGear-iOS-Integration/AeroGear-iOS-IntegrationTests/AGHttpBasicAuthenticationTests.m" target="_blank">https://github.com/cvasilak/aerogear-ios-integration/blob/basic.digest.auth/AeroGear-iOS-Integration/AeroGear-iOS-IntegrationTests/AGHttpBasicAuthenticationTests.m</a>><br>
<div>><br>
> For testing purposes, another branch<br>
</div>> <<a href="https://github.com/cvasilak/aerogear-ios/tree/basic.digest.nsurlcredential" target="_blank">https://github.com/cvasilak/aerogear-ios/tree/basic.digest.nsurlcredential</a>> was<br>
<div>> created, this time letting the user to directly pass<br>
</div>> <<a href="https://github.com/cvasilak/aerogear-ios-integration/blob/basic.digest.nsurlcredential/AeroGear-iOS-Integration/AeroGear-iOS-IntegrationTests/AGHttpBasicAuthenticationTests.m#L50" target="_blank">https://github.com/cvasilak/aerogear-ios-integration/blob/basic.digest.nsurlcredential/AeroGear-iOS-Integration/AeroGear-iOS-IntegrationTests/AGHttpBasicAuthenticationTests.m#L50</a>> an<br>
> NSURLCredential<br>
> <<a href="http://developer.apple.com/library/ios/#Documentation/Cocoa/Reference/Foundation/Classes/NSURLCredential_Class/Reference/Reference.html" target="_blank">http://developer.apple.com/library/ios/#Documentation/Cocoa/Reference/Foundation/Classes/NSURLCredential_Class/Reference/Reference.html</a>> object<br>
<div>> initialised with the username/password combination during the<br>
> Pipe configuration. Those credentials are internally stored and<br>
> given back to the system by implementing the necessary callback<br>
</div>> <<a href="https://github.com/cvasilak/aerogear-ios/blob/basic.digest.nsurlcredential/AeroGear-iOS/AeroGear-iOS/core/AGHttpClient.m#L240" target="_blank">https://github.com/cvasilak/aerogear-ios/blob/basic.digest.nsurlcredential/AeroGear-iOS/AeroGear-iOS/core/AGHttpClient.m#L240</a>>.<br>
<div>> A usage example can be found in our integration test<br>
</div>> <<a href="https://github.com/cvasilak/aerogear-ios-integration/blob/basic.digest.nsurlcredential/AeroGear-iOS-Integration/AeroGear-iOS-IntegrationTests/AGHttpBasicAuthenticationTests.m" target="_blank">https://github.com/cvasilak/aerogear-ios-integration/blob/basic.digest.nsurlcredential/AeroGear-iOS-Integration/AeroGear-iOS-IntegrationTests/AGHttpBasicAuthenticationTests.m</a>><br>
<div>><br>
> advantages of using the singleton approach:<br>
> - fits nicely with the authentication mechanism we have in place<br>
> (as an extension HTTPBasicDigestAuthenticationModule<br>
</div>> <<a href="https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m" target="_blank">https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m</a>>)<br>
<div>> so user familiarity when looking to add basic/digest support to<br>
> the Pipe.<br>
> - we control the credential type e.g.<br>
> 'NSURLCredentialPersistenceForSession'. This eliminates errors<br>
> of using 'NSURLCredentialPersistencePermanent' and having the<br>
> user to explicitly clear the keychain when trying to login with<br>
> a different combination. For my search, many errors occurs<br>
> because of this.<br>
><br>
> disadvantages of using the singleton approach:<br>
> - not sure if many iOS dev will like the fact of creating an<br>
> Authenticator object instead of using directly an<br>
> NSURLCredential object that are used to.<br>
><br>
> ---<br>
> advantages of using the 'nsurlcredential' directly:<br>
> - users familiarity with the object.<br>
> - not explicit login logout request.<br>
><br>
> disadvantages of using the 'nsurlcredential' directly:<br>
> - error credential type can lead to errors.<br>
><br>
> With discussions with Matthias, we are more keen in following<br>
> the HTTPBasicDigestAuthenticationModule<br>
</div>> <<a href="https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m" target="_blank">https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m</a>> approach<br>
<div>> instead of providing the NSURLCredential<br>
</div>> <<a href="http://developer.apple.com/library/ios/#Documentation/Cocoa/Reference/Foundation/Classes/NSURLCredential_Class/Reference/Reference.html" target="_blank">http://developer.apple.com/library/ios/#Documentation/Cocoa/Reference/Foundation/Classes/NSURLCredential_Class/Reference/Reference.html</a>> configuration<br>
<div>> option on the Pipe. Surely enough, in the documentation we will<br>
> explicitly state that "login"/ "logout" methods, serve as a<br>
> mean to setup internally the iOS authentication system so users<br>
> don't have too (instead of calling remote endpoints)<br>
><br>
><br>
><br>
> While the "NSURLCredential" better fits the meanings of BASIC/DIGEST<br>
> (no explicit login/logout against a server), however that will cause<br>
> all sorts of issues, since the APP_DEVELOPER is reponsible for<br>
> providing the NSURLCredential; If we uses a _permanent_ storage, all<br>
> sorts of errors may occur (like Christos was already indicating).<br>
><br>
><br>
> I (currently) like the "auth_module" approach better. However, as<br>
> Christos mentioned, we need to state (in API docs) that login/logout<br>
> is JUST applying/removing the credentials. The doc needs to say that<br>
> on LOGIN (for instance) no request is hit against the server.<br>
><br>
><br>
> -Matthias<br>
><br>
><br>
><br>
><br>
> Wdyt?<br>
><br>
> Thanks,<br>
> Christos<br>
><br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
</div>> <a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a> <mailto:<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a>><br>
<div>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
</div>> <a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a> <mailto:<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a>><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<div><div>><br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>