On 10/29/2012 12:49 PM, Matthias Wessendorf wrote:
On Mon, Oct 29, 2012 at 5:47 PM,<supittma(a)redhat.com> wrote:
> On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
>> On Mon, Oct 29, 2012 at 5:24 PM,<supittma(a)redhat.com> wrote:
>>>
>>> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>>>> * get_authToken and isAuthenticated => should they be really
exposed
>>>> on the interface?
>>>> On iOS I am doing that in an _internal_ class (see [1])
>>> I think it should be. The whole point of the module is to
>>> provide/fetch/manage that information.
>>> I could see the argument for moving authtoken out (either into a
>>> typesafe class or making it private). isAuthenticated is kinda
>>> fundamental IMHO
>> I am fine with exposing 'isAuthenticated()', but the
"getAuthToken"
>> should be really not made available on the public API, IMO
>>
>>
>> -M
> It has to be exposed somewhere so that the Pipe can apply the security to
> its request.
right - that's why I added some internal API for that
but an end-user should IMO not be able to directly invoke "getToken()"
-M
The best argument I can think of against adding it in is that some
authentication strategies may not use simple tokens or not use tokens at
all which makes the method problematic.
Do you have something else in mind?
As far as adding it goes it makes testing/querying/interrogating the
connection easier. The API only exposes it as read only so the user
knows not to try and bust it. (And good api design will have tokens be
either immutable or defensively copy)
> Alternatively, AuthModule can apply security to the request but it will
> require some refactoring to the Pipes API.
>
>
>>>> * builder
>>>> is that close to what passos suggested for pipe/pipeline ?
>>> Moving in that direction
>>>> -M
>>>>
>>>>
>>>> [1]
>>>>
https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGea...
>>>>
>>>>
>>>> On Fri, Oct 26, 2012 at 6:12 PM, Summers
Pittman<supittma(a)redhat.com>
>>>> wrote:
>>>>> My initial work is
>>>>>
here:https://github.com/aerogear/aerogear-android/tree/auth
>>>>>
>>>>> Changes to existing classes/API:
>>>>>
>>>>> HttpProvider now returns a class called HeaderAndBodyMap. This is a
>>>>> Map of
>>>>> the headers along with a byte array which was the body of the
response.
>>>>>
>>>>> HttpProvider will throw a HttpException if it does not receive a 200
>>>>> status
>>>>>
>>>>> HttpException wraps some information about the HTTP result.
>>>>>
>>>>>
>>>>> Description of current Auth Classes and Methods:
>>>>>
>>>>> Interfaces:
>>>>>
>>>>> Authenticator is a factory/lookup class a la Pipeline.
>>>>>
>>>>>
>>>>> AuthenticationModule is a module that manages a authenticated users
>>>>> credentials. Provides enroll, login, logout, authToken, and
>>>>> isAuthenticated.
>>>>>
>>>>>
>>>>> Builder is an interface that can instantiate an instance of
>>>>> AuthenticationModule.
>>>>>
>>>>>
>>>>> Classes:
>>>>>
>>>>> DefaultAuthenticator implements Authenticator
>>>>>
>>>>>
>>>>> RestAuthenticationModule implements AuthenticationModule only login
is
>>>>> implemented.
>>>>>
>>>>>
>>>>>
>>>>> Todo:
>>>>>
>>>>> Implement the rest of the methods in RestAuthenticationModule
>>>>>
>>>>>
>>>>> Update Pipe implementations to use the AuthenticationModules
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev(a)lists.jboss.org
>>>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>