+1 for isAuthenticated, but I would rather to have it renamed to isLoggedIn

-1 for getAuthToken - You're giving the benefit of the doubt here, allowing people to do whatever they want with it, for example: put it on local storage, save it in txt file (people are strange :) ).

It should be "transparent" to our devs and just for the record, token is specific to our domain in AeroGear.


-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Monday, October 29, 2012 at 2:49 PM, Matthias Wessendorf wrote:

On Mon, Oct 29, 2012 at 5:47 PM, <supittma@redhat.com> wrote:
On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:

On Mon, Oct 29, 2012 at 5:24 PM,<supittma@redhat.com> wrote:


On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:

* get_authToken and isAuthenticated => should they be really exposed
on the interface?
On iOS I am doing that in an _internal_ class (see [1])

I think it should be. The whole point of the module is to
provide/fetch/manage that information.
I could see the argument for moving authtoken out (either into a
typesafe class or making it private). isAuthenticated is kinda
fundamental IMHO

I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
should be really not made available on the public API, IMO


-M

It has to be exposed somewhere so that the Pipe can apply the security to
its request.

right - that's why I added some internal API for that

but an end-user should IMO not be able to directly invoke "getToken()"

-M


Alternatively, AuthModule can apply security to the request but it will
require some refactoring to the Pipes API.


* builder
is that close to what passos suggested for pipe/pipeline ?

Moving in that direction

-M


[1]


On Fri, Oct 26, 2012 at 6:12 PM, Summers Pittman<supittma@redhat.com>
wrote:

My initial work is

Changes to existing classes/API:

HttpProvider now returns a class called HeaderAndBodyMap. This is a
Map of
the headers along with a byte array which was the body of the response.

HttpProvider will throw a HttpException if it does not receive a 200
status

HttpException wraps some information about the HTTP result.


Description of current Auth Classes and Methods:

Interfaces:

Authenticator is a factory/lookup class a la Pipeline.


AuthenticationModule is a module that manages a authenticated users
credentials. Provides enroll, login, logout, authToken, and
isAuthenticated.


Builder is an interface that can instantiate an instance of
AuthenticationModule.


Classes:

DefaultAuthenticator implements Authenticator


RestAuthenticationModule implements AuthenticationModule only login is
implemented.



Todo:

Implement the rest of the methods in RestAuthenticationModule


Update Pipe implementations to use the AuthenticationModules



_______________________________________________
aerogear-dev mailing list
_______________________________________________
aerogear-dev mailing list



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev