Oh, well in that case forget everything I said in favor of getAuthToken. I thought it was supposed to be more generic than that. I'll hide it.+1 for isAuthenticated, but I would rather to have it renamed to isLoggedIn
-1 for getAuthToken - You're giving the benefit of the doubt here, allowing people to do whatever they want with it, for example: put it on local storage, save it in txt file (people are strange :) ).
It should be "transparent" to our devs and just for the record, token is specific to our domain in AeroGear.
--"The measure of a man is what he does with power" - Plato-@abstractj-Volenti Nihil DifficileOn Monday, October 29, 2012 at 2:49 PM, Matthias Wessendorf wrote:
On Mon, Oct 29, 2012 at 5:47 PM, <supittma@redhat.com> wrote:On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
On Mon, Oct 29, 2012 at 5:24 PM,<supittma@redhat.com> wrote:
On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
* get_authToken and isAuthenticated => should they be really exposedon the interface?On iOS I am doing that in an _internal_ class (see [1])
I think it should be. The whole point of the module is toprovide/fetch/manage that information.I could see the argument for moving authtoken out (either into atypesafe class or making it private). isAuthenticated is kindafundamental IMHO
I am fine with exposing 'isAuthenticated()', but the "getAuthToken"should be really not made available on the public API, IMO
-M
It has to be exposed somewhere so that the Pipe can apply the security toits request.
right - that's why I added some internal API for that
but an end-user should IMO not be able to directly invoke "getToken()"
-M
Alternatively, AuthModule can apply security to the request but it willrequire some refactoring to the Pipes API.
* builderis that close to what passos suggested for pipe/pipeline ?
Moving in that direction
-M
[1]
On Fri, Oct 26, 2012 at 6:12 PM, Summers Pittman<supittma@redhat.com>wrote:
My initial work is
Changes to existing classes/API:
HttpProvider now returns a class called HeaderAndBodyMap. This is aMap ofthe headers along with a byte array which was the body of the response.
HttpProvider will throw a HttpException if it does not receive a 200status
HttpException wraps some information about the HTTP result.
Description of current Auth Classes and Methods:
Interfaces:
Authenticator is a factory/lookup class a la Pipeline.
AuthenticationModule is a module that manages a authenticated userscredentials. Provides enroll, login, logout, authToken, andisAuthenticated.
Builder is an interface that can instantiate an instance ofAuthenticationModule.
Classes:
DefaultAuthenticator implements Authenticator
RestAuthenticationModule implements AuthenticationModule only login isimplemented.
Todo:
Implement the rest of the methods in RestAuthenticationModule
Update Pipe implementations to use the AuthenticationModules
_______________________________________________aerogear-dev mailing list_______________________________________________aerogear-dev mailing list
--Matthias Wessendorf
sessions: http://www.slideshare.net/mwessendorftwitter: http://twitter.com/mwessendorf_______________________________________________aerogear-dev mailing list