<div dir="ltr"><div>Hi,<br></div><div><br></div><div>perhaps this is more &quot;AeroGear-Security VS HTTP Basic/Digest&quot;, but first some background informations:</div><div><br></div><div>our different &quot;AuthenticationModule&quot; implementations, for Android, iOS and JavaScript, were created for the AeroGear-Security REST-APIs, which are described here:</div>

<div><a href="http://aerogear.org/docs/specs/aerogear-rest-api/" target="_blank">http://aerogear.org/docs/specs/aerogear-rest-api/</a> </div><div><br></div><div>Here are the three different client platform implementations:</div>
<div><br>
</div><div>* Android:</div><div><a href="https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/AuthenticationModule.java#L50-L74" target="_blank">https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/AuthenticationModule.java#L50-L74</a></div>

<div><br></div><div>* iOS:</div><div><a href="https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModule.h#L143-L179" target="_blank">https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModule.h#L143-L179</a></div>

<div><br></div><div>* JavaScript:</div><div><a href="https://github.com/aerogear/aerogear-js/blob/master/src/authentication/adapters/rest.js#L224-L436" target="_blank">https://github.com/aerogear/aerogear-js/blob/master/src/authentication/adapters/rest.js#L224-L436</a></div>

<div><br></div><div>So, basically the interface(or the different implementations) covers the following functionality, described in the above spec:</div><div>* enroll </div><div>* login</div><div>* logout</div><div><br></div>

<div>So far so good.</div><div><br></div><div><br></div><div>However, looking at the recent work for BASIC/DIGEST (e.g. <a href="http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-iOS-Basic-Digest-Thoughts-td2847.html" target="_blank">http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-iOS-Basic-Digest-Thoughts-td2847.html</a>), I think it might be confusing that there is no real login call against the server, like in the above codee, for AG-Security</div>

<div><br></div><div>Instead, the &quot;login&quot;, is _only_ applying the credentials to that subsequent requests can read (a) protected URL(s). Similar to &quot;logout&quot;: Only a _reset_ of the credentials is happening. No server endpoint is invoked.</div>

<div>See also <a href="http://lists.jboss.org/pipermail/aerogear-dev/2013-May/002810.html" target="_blank">http://lists.jboss.org/pipermail/aerogear-dev/2013-May/002810.html</a></div><div><br></div><div><br></div><div>Similar to the &quot;enroll&quot;; The iOS proposal throws an exception, similar to the Android version:</div>

<div><br></div><div><a href="https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L164" target="_blank">https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L164</a></div>

<div><br></div><div><a href="https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L93-L95" target="_blank">https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L93-L95</a></div>

<div><br></div><div>To me, looks like none of the methods of the &quot;AuthenticationModule interface&quot; are properly used, or am I wrong? </div><div><br></div><div><br></div><div>I think my question is: Does it really make sense to kinda try to add the BASIC/DIGEST support into the &quot;AuthenticationModule interface&quot;?? or, could there be something else ? </div>
<div><br></div><div style>Not sure, I guess since I am not sure, I am asking here :)</div><div style><br></div><div style>Any feedback is appreciated!</div><div style><br></div><div style>Thanks!</div><div style>Matthias</div>
<div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>