<div dir="ltr"><p style="margin-right:0px;margin-bottom:15px;margin-left:0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px;margin-top:0px!important">
Hi,</p><p style="margin-right:0px;margin-bottom:15px;margin-left:0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px;margin-top:0px!important">
with the use of <a href="https://github.com/davidchambers/Base64.js" style="color:rgb(65,131,196);text-decoration:none">this helper</a>, it is &quot;safe&quot; (I think) to use the <code style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">window.btoa</code> function(<a href="https://developer.mozilla.org/en-US/docs/Web/API/window.btoa" style="color:rgb(65,131,196);text-decoration:none">see details</a>), to perform a (simple) Base64 encoding.</p>
<p style="margin:15px 0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px">Base64 encoding is required, since the &quot;Device Registration&quot; HTTP REST endpoint now uses HTTP_Basic (for details see the <a href="http://lists.jboss.org/pipermail/aerogear-dev/2013-June/003233.html" style="color:rgb(65,131,196);text-decoration:none">matching thread</a>).</p>
<p style="margin:15px 0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px">Currently we perform this code for &quot;channel registration&quot;:</p>
<pre style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:13px;line-height:19px;margin-top:15px;margin-bottom:15px;background-color:rgb(248,248,248);border:1px solid rgb(221,221,221);overflow:auto;padding:6px 10px;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;color:rgb(0,0,0)">
<code style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:normal;margin:0px;padding:0px;border:none;background-color:transparent;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px">$.ajax({
  contentType: &quot;application/json&quot;,
  dataType: &quot;json&quot;,
  type: &quot;POST&quot;,
  url: url,
  headers: {
    &quot;ag-mobile-variant&quot;: variantID
  },
  data: JSON.stringify({
    category: messageType,
    deviceToken: endpoint.channelID,
    clientIdentifier: alias
  })
});
</code></pre><p style="margin:15px 0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px">As mentioned on the &quot;Security thread&quot;, the <code style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">variantID</code> is no longer a header, it is part of the HTTP_Basic auth process.</p>
<p style="margin:15px 0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px">This is a (local) JavaScript change that I did. It works fine so far:</p>
<pre style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:13px;line-height:19px;margin-top:15px;margin-bottom:15px;background-color:rgb(248,248,248);border:1px solid rgb(221,221,221);overflow:auto;padding:6px 10px;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;color:rgb(0,0,0)">
<code style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:normal;margin:0px;padding:0px;border:none;background-color:transparent;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px">$.ajax({
  contentType: &quot;application/json&quot;,
  dataType: &quot;json&quot;,
  type: &quot;POST&quot;,
  crossDomain: true,
  url: url,
  headers: {
    &quot;Authorization&quot;: &quot;Basic &quot; + window.btoa(variantID + &quot;:&quot; + secret)
  },
  data: JSON.stringify({
    category: messageType,
    deviceToken: endpoint.channelID,
    alias: alias     ///// NOTE:: the key has changed..........
  })
});
</code></pre><p style="margin:15px 0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px">The important thing: we add the <code style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">&quot;Authorization&quot;: &quot;Basic &quot;</code> header and using the mentioned<code style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">window.btoa()</code> function for the actual encoding.</p>
<p style="margin:15px 0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px">The same applies for the <code style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">DELETE</code> (unregistration).</p>
<p style="margin:15px 0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px">Any thoughts? Otherwise, I&#39;d send a PR.</p><p style="margin-top:15px;margin-right:0px;margin-left:0px;color:rgb(0,0,0);font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:15.454545021057129px;line-height:22.727272033691406px;margin-bottom:0px!important">
Ah.... the dependency agains the <code style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">Base64.js</code> polyfill library would/should be included in our &quot;grunt&quot; build for &quot;distribution&quot;, or would it be &quot;just&quot; declared (yeah, that&#39;s details but asking for curiousity)</p>
<div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>