TL;DR

https://issues.jboss.org/browse/AGSEC-60




On Fri, May 24, 2013 at 9:27 AM, Matthias Wessendorf <matzew@apache.org> wrote:
Hi,

we do have server side endpoints, for login/logout:

SPEC:
http://aerogear.org/docs/specs/aerogear-rest-api/

TODO demo:
https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162
(routes to https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java)

One thing that I noticed, when talking w/ Christos about the HTTP BASIC support, is that currently the modules "just" set the credentials on "LOGIN",
and they perform a "clean-up", on the logout.

For both, login/logout, no request is send to the matching "endpoints" on the server-side


Android (logout):
https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147

iOS (logout):
https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139

Not sure, but ususally, a logout against the server also performs some sort of clean up. For instance in the TODO demo, it issues a logout against the IDM:
https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113


Greetings,
Matthias



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf