Re: [aerogear-dev] Android Auth branch and API

Monday, 29 October 2012

+1 for isAuthenticated, but I would rather to have it renamed to isLoggedIn 

-1 for getAuthToken - You're giving the benefit of the doubt here, allowing people to
do whatever they want with it, for example: put it on local storage, save it in txt file
(people are strange :) ).

It should be "transparent" to our devs and just for the record, token is
specific to our domain in AeroGear. 

-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Monday, October 29, 2012 at 2:49 PM, Matthias Wessendorf wrote:

...
 On Mon, Oct 29, 2012 at 5:47 PM, <supittma(a)redhat.com
(mailto:supittma@redhat.com)> wrote:
 > On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
 > > 
 > > On Mon, Oct 29, 2012 at 5:24 PM,&lt;supittma(a)redhat.com
(mailto:supittma@redhat.com)> wrote:
 > > > 
 > > > 
 > > > On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
 > > > > 
 > > > > * get_authToken and isAuthenticated => should they be really
exposed
 > > > > on the interface?
 > > > > On iOS I am doing that in an _internal_ class (see [1])
 > > > > 
 > > > 
 > > > 
 > > > I think it should be. The whole point of the module is to
 > > > provide/fetch/manage that information.
 > > > I could see the argument for moving authtoken out (either into a
 > > > typesafe class or making it private). isAuthenticated is kinda
 > > > fundamental IMHO
 > > > 
 > > 
 > > 
 > > I am fine with exposing 'isAuthenticated()', but the
"getAuthToken"
 > > should be really not made available on the public API, IMO
 > > 
 > > 
 > > -M
 > 
 > It has to be exposed somewhere so that the Pipe can apply the security to
 > its request.
 > 

 right - that's why I added some internal API for that

 but an end-user should IMO not be able to directly invoke "getToken()"

 -M

 > Alternatively, AuthModule can apply security to the request but it will
 > require some refactoring to the Pipes API.
 > 
 > 
 > > > > * builder
 > > > > is that close to what passos suggested for pipe/pipeline ?
 > > > > 
 > > > 
 > > > 
 > > > Moving in that direction
 > > > > 
 > > > > -M
 > > > > 
 > > > > 
 > > > > [1]
 > > > >
https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGea...
 > > > > 
 > > > > 
 > > > > On Fri, Oct 26, 2012 at 6:12 PM, Summers
Pittman&lt;supittma(a)redhat.com (mailto:supittma@redhat.com)>
 > > > > wrote:
 > > > > > 
 > > > > > My initial work is
 > > > > > here:https://github.com/aerogear/aerogear-android/tree/auth
 > > > > > 
 > > > > > Changes to existing classes/API:
 > > > > > 
 > > > > > HttpProvider now returns a class called HeaderAndBodyMap. This
is a
 > > > > > Map of
 > > > > > the headers along with a byte array which was the body of the
response.
 > > > > > 
 > > > > > HttpProvider will throw a HttpException if it does not receive a
200
 > > > > > status
 > > > > > 
 > > > > > HttpException wraps some information about the HTTP result.
 > > > > > 
 > > > > > 
 > > > > > Description of current Auth Classes and Methods:
 > > > > > 
 > > > > > Interfaces:
 > > > > > 
 > > > > > Authenticator is a factory/lookup class a la Pipeline.
 > > > > > 
 > > > > > 
 > > > > > AuthenticationModule is a module that manages a authenticated
users
 > > > > > credentials. Provides enroll, login, logout, authToken, and
 > > > > > isAuthenticated.
 > > > > > 
 > > > > > 
 > > > > > Builder is an interface that can instantiate an instance of
 > > > > > AuthenticationModule.
 > > > > > 
 > > > > > 
 > > > > > Classes:
 > > > > > 
 > > > > > DefaultAuthenticator implements Authenticator
 > > > > > 
 > > > > > 
 > > > > > RestAuthenticationModule implements AuthenticationModule only
login is
 > > > > > implemented.
 > > > > > 
 > > > > > 
 > > > > > 
 > > > > > Todo:
 > > > > > 
 > > > > > Implement the rest of the methods in RestAuthenticationModule
 > > > > > 
 > > > > > 
 > > > > > Update Pipe implementations to use the AuthenticationModules
 > > > > > 
 > > > > > 
 > > > > > 
 > > > > > _______________________________________________
 > > > > > aerogear-dev mailing list
 > > > > > aerogear-dev(a)lists.jboss.org
(mailto:aerogear-dev@lists.jboss.org)
 > > > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
 > > > > > 
 > > > > 
 > > > > 
 > > > 
 > > > _______________________________________________
 > > > aerogear-dev mailing list
 > > > aerogear-dev(a)lists.jboss.org (mailto:aerogear-dev@lists.jboss.org)
 > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
 > > > 
 > > 
 > 
 > 

 -- 
 Matthias Wessendorf

 blog: http://matthiaswessendorf.wordpress.com/
 sessions: http://www.slideshare.net/mwessendorf
 twitter: http://twitter.com/mwessendorf
 _______________________________________________
 aerogear-dev mailing list
 aerogear-dev(a)lists.jboss.org (mailto:aerogear-dev@lists.jboss.org)
 https://lists.jboss.org/mailman/listinfo/aerogear-dev

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [aerogear-dev] Android Auth branch and API