[aerogear-dev] HTTP_Basic: SimplePush (Channel) Registration

Matthias Wessendorf matzew at apache.org
Thu Jun 20 11:12:48 EDT 2013 

Hi,

with the use of this helper <https://github.com/davidchambers/Base64.js>,
it is "safe" (I think) to use the window.btoa function(see
details<https://developer.mozilla.org/en-US/docs/Web/API/window.btoa>),
to perform a (simple) Base64 encoding.

Base64 encoding is required, since the "Device Registration" HTTP REST
endpoint now uses HTTP_Basic (for details see the matching
thread<http://lists.jboss.org/pipermail/aerogear-dev/2013-June/003233.html>
).

Currently we perform this code for "channel registration":

$.ajax({
  contentType: "application/json",
  dataType: "json",
  type: "POST",
  url: url,
  headers: {
    "ag-mobile-variant": variantID
  },
  data: JSON.stringify({
    category: messageType,
    deviceToken: endpoint.channelID,
    clientIdentifier: alias
  })
});

As mentioned on the "Security thread", the variantID is no longer a header,
it is part of the HTTP_Basic auth process.

This is a (local) JavaScript change that I did. It works fine so far:

$.ajax({
  contentType: "application/json",
  dataType: "json",
  type: "POST",
  crossDomain: true,
  url: url,
  headers: {
    "Authorization": "Basic " + window.btoa(variantID + ":" + secret)
  },
  data: JSON.stringify({
    category: messageType,
    deviceToken: endpoint.channelID,
    alias: alias     ///// NOTE:: the key has changed..........
  })
});

The important thing: we add the "Authorization": "Basic " header and using
the mentionedwindow.btoa() function for the actual encoding.

The same applies for the DELETE (unregistration).

Any thoughts? Otherwise, I'd send a PR.

Ah.... the dependency agains the Base64.js polyfill library would/should be
included in our "grunt" build for "distribution", or would it be "just"
declared (yeah, that's details but asking for curiousity)

-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130620/7cbc1dd1/attachment.html

More information about the aerogear-dev mailing list