[aerogear-dev] UnifiedPush Server = Resetting MasterSecret (PushApp) and Secret (Variant)

Sebastien Blanc scm.blanc at gmail.com
Mon Oct 21 05:36:53 EDT 2013 

On Mon, Oct 21, 2013 at 11:23 AM, Matthias Wessendorf <matzew at apache.org>wrote:

> Hello,
>
> For [1 <https://issues.jboss.org/browse/AGPUSH-209>] I want to discuss a
> RESTful API for resetting the (Master)Secret of a PushApp and/or a Variant.
>
Good idea !

> Initially I'd like to propose an empty PUT request against an 'reset'
> endpoint, specific to the ID of the PushApp/Variant (see [2<http://staging.aerogear.org/docs/specs/aerogear-push-rest/PushApplication/>]
> and [3<http://staging.aerogear.org/docs/specs/aerogear-push-rest/Variants/Android/>
> ]).
>
> To give a congrete example: Resetting the Secret of an Android Variant
> would result in a PUT against this URL:
>
> https://SERVER:PORT/CONTEXT/rest/applications/{pushApplicationID}/android/{variantID}/reset
>
> The CURL command would look like:
>
> curl -3 -v -H "Accept: application/json" -H "Content-type: application/json"
>   -X PUT
> https://SERVER:PORT/CONTEXT/rest/applications/{pushApplicationID}/android/{variantID}/reset
>
> And resetting a PushApp will be of this form ?

https://SERVER:PORT/CONTEXT/rest/applications/{pushApplicationID}/reset

Does resetting a pushApp, implicitly reset the Variant Secret ?


> The response body to that *PUT* request contain (JSON) details about the
> specific Android Variant (using Android as an example here):
>
Not sure if we have to return all the details ... Is returning the secret
not enough ?

> {
>   "id":"402880e43fa95bb3013faf3c41b40005",
>   "name":"Android App",
>   "description":"The Android Variant",
>   "variantID":"04e9f747-d256-4a24-a0ac-29b9a15e37b1",
>   "secret":"70135d26-696d-426a-8183-e1fd0fcb86fe",
>   "developer":"admin",
>   "instances":[],
>   "googleKey":"My Google API Key",
>   "projectNumber":"My Project Number / Sender ID"
> }
>
> <https://gist.github.com/matzew/7d78eb091f6ca0fa01bb#admin-ui>Admin UI
>
> On the Admin UI the *HTTP PUT* request could be triggered through a
> button, the actual execution would happen after giving "approval" on a
> 'confirmation' button...
>
> On the long run, we could make it more 'complex', e.g. sending an email,
> containing an URL to give approval to the reset etc - but for now, I'd like
> to keep the reset simple..
>
> Any thoughts ?
>
> [1] https://issues.jboss.org/browse/AGPUSH-209
> [2]
> http://staging.aerogear.org/docs/specs/aerogear-push-rest/PushApplication/
> [3]
> http://staging.aerogear.org/docs/specs/aerogear-push-rest/Variants/Android/
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20131021/c280622e/attachment.html

More information about the aerogear-dev mailing list