[aerogear-dev] Android Auth branch and API


[aerogear-dev] Android Auth branch and API

Summers Pittman
My initial work is here: https://github.com/aerogear/aerogear-android/tree/auth

Changes to existing classes/API:

HttpProvider now returns a class called HeaderAndBodyMap.  This is a Map of the headers along with a byte array which was the body of the response.

HttpProvider will throw a HttpException if it does not receive a 200 status.

HttpException wraps some information about the HTTP result.

Description of current Auth Classes and Methods:

Interfaces:
Authenticator is a factory/lookup class a la Pipeline.

AuthenticationModule is a module that manages an authenticated user's credentials.  Provides enroll, login, logout, authToken, and isAuthenticated.

Builder is an interface that can instantiate an instance of AuthenticationModule.

Classes:

DefaultAuthenticator implements Authenticator 

RestAuthenticationModule implements AuthenticationModule; only login is implemented.


Todo:

Implement the rest of the methods in RestAuthenticationModule

Update Pipe implementations to use the AuthenticationModules



_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev

Re: [aerogear-dev] Android Auth branch and API

Daniel Passos-2
Hey Summers,

Awesome Job!!!

My 2 cents:

* HttpProvider

- Awesome idea to change the methods to return the new HeaderAndBodyMap

* Authenticator

- Why is Authenticator an interface? Do we need this?
- add receives a Builder? It makes more sense to receive an AuthenticationModule

* RestAuthenticationModule

- Avoid calling the callback in doInBackground; if it changes something in the UI, that will cause an exception.
- How about just making the baseURL mandatory?

* Javadoc 

- @link, @inheritDoc, ... don't need %

-- 
Daniel Passos

On Friday, October 26, 2012 at 2:12 PM, Summers Pittman wrote:

My initial work is here: https://github.com/aerogear/aerogear-android/tree/auth

Changes to existing classes/API:

HttpProvider now returns a class called HeaderAndBodyMap.  This is a Map of the headers along with a byte array which was the body of the response.

HttpProvider will throw a HttpException if it does not receive a 200 status.

HttpException wraps some information about the HTTP result.

Description of current Auth Classes and Methods:

Interfaces:
Authenticator is a factory/lookup class a la Pipeline.

AuthenticationModule is a module that manages an authenticated user's credentials.  Provides enroll, login, logout, authToken, and isAuthenticated.

Builder is an interface that can instantiate an instance of AuthenticationModule.

Classes:

DefaultAuthenticator implements Authenticator 

RestAuthenticationModule implements AuthenticationModule; only login is implemented.


Todo:

Implement the rest of the methods in RestAuthenticationModule

Update Pipe implementations to use the AuthenticationModules



Re: [aerogear-dev] Android Auth branch and API

Summers Pittman
>* Authenticator

>- Why is Authenticator an interface? Do we need this?
It makes mocking for testing much easier for starters.  Also if we decide to make DefaultAuthenticator final it doesn't break developers who may want to create their own implementations.  Also it makes it work better with DI frameworks, proxying etc.    

>- add receives a Builder? It makes more sense to receive an AuthenticationModule
It does and it doesn't.  I based DefaultAuthenticator in part on the goals of Pipeline which include being a factory.  Since I didn't want tons of overloaded .add methods, passing in the Builder makes the most sense.
I feel like I had a much better reason for it on Friday, but if I can't remember I'll probably change it.

>* RestAuthenticationModule

>- Avoid calling the callback in doInBackground; if it changes something in the UI, that will cause an exception.
Great catch, can't believe I missed that. Fixed.

>- How about just making the baseURL mandatory?
I like that. Fixed.

>* Javadoc 
>- @link, @inheritDoc, ... don't need %
Fixed


From: "Daniel Passos" <[hidden email]>
To: "AeroGear Developer Mailing List" <[hidden email]>
Sent: Monday, October 29, 2012 6:04:15 AM
Subject: Re: [aerogear-dev] Android Auth branch and API


Re: [aerogear-dev] Android Auth branch and API

Matthias Wessendorf
In reply to this post by Summers Pittman
* get_authToken and isAuthenticated => should they be really exposed
on the interface?
On iOS I am doing that in an _internal_ class (see [1])

* builder
is that close to what passos suggested for pipe/pipeline ?

-M


[1] https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModuleAdapter.h





--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf

Re: [aerogear-dev] Android Auth branch and API

Summers Pittman


On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
> * get_authToken and isAuthenticated =>  should they be really exposed
> on the interface?
> On iOS I am doing that in an _internal_ class (see [1])
I think it should be.  The whole point of the module is to
provide/fetch/manage that information.
I could see the argument for moving authtoken out (either into a
typesafe class or making it private).  isAuthenticated is kinda
fundamental IMHO
>
> * builder
> is that close to what passos suggested for pipe/pipeline ?
Moving in that direction


Re: [aerogear-dev] Android Auth branch and API

Matthias Wessendorf
On Mon, Oct 29, 2012 at 5:24 PM,  <[hidden email]> wrote:

>
>
> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>> * get_authToken and isAuthenticated =>  should they be really exposed
>> on the interface?
>> On iOS I am doing that in an _internal_ class (see [1])
> I think it should be.  The whole point of the module is to
> provide/fetch/manage that information.
> I could see the argument for moving authtoken out (either into a
> typesafe class or making it private).  isAuthenticated is kinda
> fundamental IMHO

I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
should be really not made available on the public API, IMO


-M


Re: [aerogear-dev] Android Auth branch and API

Summers Pittman
On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:

> On Mon, Oct 29, 2012 at 5:24 PM,<[hidden email]>  wrote:
>>
>> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>>> * get_authToken and isAuthenticated =>   should they be really exposed
>>> on the interface?
>>> On iOS I am doing that in an _internal_ class (see [1])
>> I think it should be.  The whole point of the module is to
>> provide/fetch/manage that information.
>> I could see the argument for moving authtoken out (either into a
>> typesafe class or making it private).  isAuthenticated is kinda
>> fundamental IMHO
> I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
> should be really not made available on the public API, IMO
>
>
> -M
It has to be exposed somewhere so that the Pipe can apply the security
to its request.
Alternatively, AuthModule can apply security to the request but it will
require some refactoring to the Pipes API.


Re: [aerogear-dev] Android Auth branch and API

Matthias Wessendorf
On Mon, Oct 29, 2012 at 5:47 PM,  <[hidden email]> wrote:

> On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
>>
>> On Mon, Oct 29, 2012 at 5:24 PM,<[hidden email]>  wrote:
>>>
>>>
>>> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>>>>
>>>> * get_authToken and isAuthenticated =>   should they be really exposed
>>>> on the interface?
>>>> On iOS I am doing that in an _internal_ class (see [1])
>>>
>>> I think it should be.  The whole point of the module is to
>>> provide/fetch/manage that information.
>>> I could see the argument for moving authtoken out (either into a
>>> typesafe class or making it private).  isAuthenticated is kinda
>>> fundamental IMHO
>>
>> I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
>> should be really not made available on the public API, IMO
>>
>>
>> -M
>
> It has to be exposed somewhere so that the Pipe can apply the security to
> its request.

right - that's why I added some internal API for that

but an end-user should IMO not be able to directly invoke "getToken()"

-M



Re: [aerogear-dev] Android Auth branch and API

Summers Pittman
On 10/29/2012 12:49 PM, Matthias Wessendorf wrote:

> On Mon, Oct 29, 2012 at 5:47 PM,<[hidden email]>  wrote:
>> On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
>>> On Mon, Oct 29, 2012 at 5:24 PM,<[hidden email]>   wrote:
>>>>
>>>> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>>>>> * get_authToken and isAuthenticated =>    should they be really exposed
>>>>> on the interface?
>>>>> On iOS I am doing that in an _internal_ class (see [1])
>>>> I think it should be.  The whole point of the module is to
>>>> provide/fetch/manage that information.
>>>> I could see the argument for moving authtoken out (either into a
>>>> typesafe class or making it private).  isAuthenticated is kinda
>>>> fundamental IMHO
>>> I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
>>> should be really not made available on the public API, IMO
>>>
>>>
>>> -M
>> It has to be exposed somewhere so that the Pipe can apply the security to
>> its request.
> right - that's why I added some internal API for that
>
> but an end-user should IMO not be able to directly invoke "getToken()"
>
> -M
The best argument I can think of against adding it in is that some
authentication strategies may not use simple tokens or not use tokens at
all which makes the method problematic.

Do you have something else in mind?

As far as adding it goes it makes testing/querying/interrogating the
connection easier.  The API only exposes it as read only so the user
knows not to try and bust it.  (And good API design will have tokens be
either immutable or defensively copied.)


Re: [aerogear-dev] Android Auth branch and API

Kris Borchers
In reply to this post by Summers Pittman

On Oct 29, 2012, at 11:47 AM, [hidden email] wrote:

> On 10/29/2012 12:36 PM, Matthias Wessendorf wrote:
>> On Mon, Oct 29, 2012 at 5:24 PM,<[hidden email]>  wrote:
>>>
>>> On 10/29/2012 11:30 AM, Matthias Wessendorf wrote:
>>>> * get_authToken and isAuthenticated =>   should they be really exposed
>>>> on the interface?
>>>> On iOS I am doing that in an _internal_ class (see [1])
>>> I think it should be.  The whole point of the module is to
>>> provide/fetch/manage that information.
>>> I could see the argument for moving authtoken out (either into a
>>> typesafe class or making it private).  isAuthenticated is kinda
>>> fundamental IMHO
>> I am fine with exposing 'isAuthenticated()', but the "getAuthToken"
>> should be really not made available on the public API, IMO
>>
>>
>> -M
> It has to be exposed somewhere so that the Pipe can apply the security
> to its request.
> Alternatively, AuthModule can apply security to the request but it will
> require some refactoring to the Pipes API.
This might be where JS is a little different and Matthias and I have had some brief discussions about this. JS passes a reference to the auth module into the pipe when created. Then, if necessary, the pipe can call the auth module's isAuthenticated method to determine whether or not it should include a token in the header or whatever that auth module/pipe combo requires. So technically, isAuthenticated is not "private" in JS but is what is known as privileged, which means it's publicly accessible but has access to private vars and methods. The method itself though cannot be modified, thus adding a layer of protection. Thinking on it, I probably need a private method for isAuthenticated to call to add more protection but that's the idea.

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
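
The arrangement discussed in the messages above (no public getAuthToken, the auth module applying security to the pipe's request, and privileged methods closing over private state as described for JS), sketched as an added example that is not AeroGear code. createClient, createAuthModule, applySecurity, the "Auth-Token" header name and the login endpoint are hypothetical, and login is synchronous here only to keep the sketch short.

```javascript
// Added example. createClient, createAuthModule, applySecurity, the
// "Auth-Token" header and the login endpoint are hypothetical names.

// Constructed stand-in for a REST login endpoint (no network involved).
function fakeLoginEndpoint(username, password) {
  if (username === "john" && password === "123") {
    return { status: 200, headers: { "Auth-Token": "constructed-token-1234" } };
  }
  return { status: 401, headers: {} };
}

// The token lives only in this closure. Two frozen views share it:
//   publicApi - handed to application code; has no token accessor
//   internal  - kept by the library so its pipes can secure a request
function createAuthModule(loginEndpoint) {
  let token = null;

  const publicApi = Object.freeze({
    login(username, password) {
      const response = loginEndpoint(username, password);
      if (response.status !== 200) {
        token = null;
        throw new Error("login failed with status " + response.status);
      }
      token = response.headers["Auth-Token"];
    },
    logout() { token = null; },
    isAuthenticated() { return token !== null; },
  });

  const internal = Object.freeze({
    // Returns a copy of the request with the credential attached.
    applySecurity(request) {
      if (token === null) return request;
      return { ...request, headers: { ...request.headers, "Auth-Token": token } };
    },
  });

  return { publicApi, internal };
}

// Library entry point: pipes are wired to the internal view, the caller
// only ever receives the public one. The transport (the HTTP layer) still
// sees the header, so this narrows the API surface rather than isolating
// the token from code that runs in the same process.
function createClient(loginEndpoint, transport) {
  const { publicApi, internal } = createAuthModule(loginEndpoint);
  function pipe(url) {
    return Object.freeze({
      read() {
        const request = { method: "GET", url: url, headers: {} };
        return transport(internal.applySecurity(request));
      },
    });
  }
  return Object.freeze({ auth: publicApi, pipe: pipe });
}

// Exercises the client against a constructed transport that records requests.
function runDemo() {
  const sent = [];
  const transport = (request) => {
    sent.push(request);
    return { status: 200 };
  };
  const client = createClient(fakeLoginEndpoint, transport);

  client.pipe("/cars").read(); // before login: no credential attached
  client.auth.login("john", "123");
  client.pipe("/cars").read(); // after login: header added by the module

  // A frozen object ignores (or, in strict mode, rejects) replacement of
  // its privileged methods.
  try {
    client.auth.isAuthenticated = () => true;
  } catch (e) {
    // TypeError in strict mode
  }
  client.auth.logout();

  return {
    headerBeforeLogin: sent[0].headers["Auth-Token"],
    headerAfterLogin: sent[1].headers["Auth-Token"],
    publicMembers: Object.keys(client.auth).sort().join(","),
    tokenVisibleOnPublicApi: JSON.stringify(client.auth).includes("constructed-token"),
    overrideTookEffect: client.auth.isAuthenticated(),
  };
}
```
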

Re: [aerogear-dev] Android Auth branch and API

Bruno Oliveira
In reply to this post by Matthias Wessendorf
+1 for isAuthenticated, but I would rather have it renamed to isLoggedIn

-1 for getAuthToken - You're giving the benefit of the doubt here, allowing people to do whatever they want with it, for example: put it on local storage, save it in a txt file (people are strange :) ).

It should be "transparent" to our devs and just for the record, token is specific to our domain in AeroGear.


-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile


Re: [aerogear-dev] Android Auth branch and API

Summers Pittman
On 10/29/2012 01:03 PM, Bruno Oliveira wrote:
> +1 for isAuthenticated, but I would rather have it renamed to isLoggedIn
>
> -1 for getAuthToken - You're giving the benefit of the doubt here, allowing people to do whatever they want with it, for example: put it on local storage, save it in a txt file (people are strange :) ).
>
> It should be "transparent" to our devs and just for the record, token is specific to our domain in AeroGear.

Oh, well in that case forget everything I said in favor of getAuthToken.  I thought it was supposed to be more generic than that.  I'll hide it.
