Auth Token specs #26
- New Quick version
- New Nimble version
- New stable version of SocketRocket
- No change for Objective-C lib for compatibility with older versions
- Now it's possible to use Asynchronous Expectations

Important:
- Main workspace had a different name (ably-ios.x VS ably.x).
- I changed it for consistency and future updates.
@@ -38,12 +40,17 @@ - (instancetype)init:(ARTRest *)rest withOptions:(ARTClientOptions *)options { | |||
} else if (options.tokenDetails) { | |||
[self.logger debug:@"ARTAuth: setting up auth method Token with supplied token only"]; | |||
_method = ARTAuthMethodToken; | |||
} else if (options.authUrl && options.authCallback) { | |||
[NSException raise:@"ARTAuthException" format:@"Could not setup authentication method with given options."]; |
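Review bot: The `options.authUrl && options.authCallback` conflict check sits after the `options.tokenDetails` branch in the same else-if chain, so a configuration that supplies tokenDetails together with both authUrl and authCallback never reaches it and is accepted without raising. If the two options are meant to be mutually exclusive, test for the conflict before any branch that assigns `_method`. The exception text "Could not setup authentication method with given options." also does not name the conflicting options; naming authUrl and authCallback would make the failure actionable for the caller.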
Can this rather say "Incompatible authentication configuration: please specify either authCallback and authUrl"
Sure, I will change it. The first PR to merge is the conversion into Swift 2.
About the clientId
... the attribute is missing on Auth class. I don't know why and I'm trying to figure it out.
On 12 October 2015 at 22:04:20, mattheworiordan ([email protected]) wrote:
In ably-ios/ARTAuth.m:
@@ -38,12 +40,17 @@ - (instancetype)init:(ARTRest *)rest withOptions:(ARTClientOptions *)options {
} else if (options.tokenDetails) {
[self.logger debug:@"ARTAuth: setting up auth method Token with supplied token only"];
_method = ARTAuthMethodToken;
} else if (options.authUrl && options.authCallback) {
[NSException raise:@"ARTAuthException" format:@"Could not setup authentication method with given options."];
Can this rather say "Incompatible authentication configuration: please specify either authCallback and authUrl"
Looking good. Can you confirm in what order I should do the merges please?
…ably-ios into auth-token-specs
@@ -206,6 +225,7 @@ - (void)createTokenRequest:(ARTAuthTokenParams *)tokenParams options:(ARTAuthOpt | |||
} | |||
|
|||
- (BOOL)canRequestToken { | |||
// FIXME: not used?! |
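Review bot: The `// FIXME: not used?!` comment on `canRequestToken` leaves it unclear whether anything calls this method. In authentication code an unreferenced capability check is easy to mistake for an enforced one, so either call it from the token request path or delete it, and if it has to stay for now replace the FIXME with a reference to a tracking issue.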
When will this get resolved? Is it not possible to do it with this PR?
@paddybyers Wow. Some code is duplicated on
- This failed in RTP9a because it sometimes ends but the ACK/NACK of the last sent presence message has not arrived yet, it means the callback is pended. The callback is called when the connection closes (test ends), a "ARTErrorInfo with code 0, message: connection broken before receiving publishing acknowledgment." happens and it will crash because the callback is nil. EXC_BAD_ACCESS (code=1, address=0x10) in ARTRealtimeChannel.m:335
- (RSA3) Token Auth:
  - (RSA3a) Can be used over HTTP or HTTPS
  - (RSA3b) For REST requests, the token string is Base64 encoded and used in the Authorization: Bearer header
  - (RSA3c) For Realtime connections, the querystring param access_token is appended to the URL endpoint
- (RSA4) Token Auth is used if useTokenAuth is set to true, or if useTokenAuth is unspecified and any one of the following conditions cause token auth to be selected as the default: a clientId is specified; authUrl or authCallback is provided; an explicit token or TokenDetails is provided
- (RSA14) If Token Auth is selected, an exception will be raised if a token is not provided or there is no means to generate a token. For example, if only the option useTokenAuth is specified, and a key is not provided, then the client library is unable to authenticate or issue a token
- (RSA15) If Token Auth is selected and clientId has been set in the ClientOptions when the library was instanced:
  - (RSA15a) Any clientId provided in ClientOptions must match any non null clientId value in TokenDetails or connectionDetails of the CONNECTED ProtocolMessage, where applicable
  - (RSA15b) If the clientId from TokenDetails or connectionDetails contains only a wildcard string '*', then the client is permitted to be either unauthenticated (effectively anonymous without a clientId) or authenticated providing a clientId when communicating with Ably
  - (RSA15c) Following an auth request which uses a TokenDetails or TokenRequest object that contains an incompatible clientId, the library should change the connection state to FAILED and emit an error
- (RSA5) TTL for new tokens is specified in milliseconds and defaults to the REST API default (1 hour)
- (RSA6) The capability, if not specified, defaults to allow all operations permitted for the key associated with the token
- (RSA7) clientId and authenticated clients:
  - (RAS7a) If a clientId is provided in the ClientOptions, or is present in the current authentication token, then the client is considered to be authenticated (it has a clientId that is implicit in all operations). Note that an authentication token clientId wildcard value of '*' is the exception where the client is not necessarily authenticated and any clientId is permitted. The following applies to authenticated clients:
    - (RAS7a1) All operations (such as message publishing or presence) will have an implicit clientId. The Ably service automatically updates the clientId attribute (when empty) for all Message and PresenceMessage messages received from that authenticated client, and any messages then published from the Ably service will have the clientId attribute populated. It is therefore expected that Ably client libraries do not explicitly set the clientId field on messages published when clientId is implicit in the connection or authentication scheme
    - (RSA7a2) If clientId is provided in ClientOptions, and an API key is provided along with no other means to generate a token, the client library will authenticate with Ably and obtain a token using the provided clientId, ensuring the token is restricted to operations for that clientId
    - (RSA7a3) Auth#clientId attribute returns a string value for the authenticated client's clientId
  - (RSA12) Auth#clientId attribute is null when, following authentication, the clientId attribute of the TokenDetails is a wildcard '*', indicating that any clientId can be used by this client
  - (RSA7b) Auth#clientId is not null when:
    - (RSA7b1) A clientId is provided in the ClientOptions. clientId should be a string
    - (RSA7b2) Token authentication is being used, and the TokenRequest or TokenDetails object used for authentication has a clientId value that is not null or a wildcard string '*'
    - (RSA7b3) Following a realtime connection being established, if the CONNECTED ProtocolMessage contains a clientId that is both not null and not a wildcard string '*'. clientId is an attribute of ProtocolMessage#connectionDetails within a CONNECTED ProtocolMessage
  - (RSA7c) A clientId provided in the ClientOptions when instancing the library must be either null or a string, and cannot contain only a wildcard '*' value, which is reserved
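
The selection and clientId rules listed above (RSA4, RSA14, RSA15, RSA7b, RSA7c, RSA12), modelled as an added example; this is not code from ably-ios or from the Ably specification. The `Options` class, its field names and `AuthConfigError` are assumptions made for illustration, and the sketch assumes that a clientId configured in ClientOptions is kept when the token carries the wildcard.

```python
from dataclasses import dataclass
from typing import Callable, Optional

WILDCARD = "*"  # reserved clientId value (RSA7c)


class AuthConfigError(ValueError):
    """Stands in for the exception / FAILED state the rules call for."""


@dataclass
class Options:
    """Hypothetical stand-in for ClientOptions; field names are assumptions."""
    key: Optional[str] = None
    client_id: Optional[str] = None
    use_token_auth: Optional[bool] = None
    auth_url: Optional[str] = None
    auth_callback: Optional[Callable] = None
    token: Optional[str] = None  # explicit token or TokenDetails


def uses_token_auth(o: Options) -> bool:
    """RSA4 selection, plus the RSA7c and RSA14 configuration checks."""
    if o.client_id == WILDCARD:
        raise AuthConfigError("clientId '*' is reserved (RSA7c)")
    if o.use_token_auth is not None:
        selected = o.use_token_auth  # explicit flag decides
    else:
        selected = any(v is not None for v in
                       (o.client_id, o.auth_url, o.auth_callback, o.token))
    can_obtain = any(v is not None for v in
                     (o.key, o.auth_url, o.auth_callback, o.token))
    if selected and not can_obtain:
        raise AuthConfigError("no token and no means to generate one (RSA14)")
    return selected


def resolve_client_id(configured: Optional[str],
                      from_token: Optional[str]) -> Optional[str]:
    """Auth#clientId after authentication; raises on an RSA15a mismatch."""
    if from_token is None or from_token == WILDCARD:
        # RSA15b / RSA12: a wildcard permits any clientId, so without a
        # configured one the result is None. RSA7b1: a configured one is kept.
        return configured
    if configured is not None and configured != from_token:
        # RSA15c: incompatible clientId, the connection should go to FAILED.
        raise AuthConfigError("clientId mismatch (RSA15a/RSA15c)")
    return from_token  # RSA7b2
```
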