David Lloyd created ELY-249: ------------------------------- Summary: verifyCredential method(s) misleading Key: ELY-249 URL: https://issues.jboss.org/browse/ELY-249 Project: WildFly Elytron Issue Type: Bug Components: API / SPI, Realms Reporter: David Lloyd The {{verifyCredential(Object credential)}} method is misleading. It is in fact not generally possible or practical to verify a credential; rather what is being done is verifying a guess. I propose a couple changes. First, the argument to the method should be renamed "guess" to indicate that the object being passed in isn't a credential, but rather a credential-specific guess. Second, I propose that Password no longer be considered a valid argument to this method. The only use that serves is to extract a clear password guess anyway. Finally, I think we should consider renaming the method to something else, like: * verifyCredentialGuess * verifyGuess * checkCredentialGuess * etc. -- This message was sent by Atlassian JIRA (v6.3.15#6346)