Details
-
Bug
-
Resolution: Obsolete
-
Major
-
1.0.0.M6
-
None
Description
fter a successful login AND using AeroGear's token based authentication model (-> agAuth:true), when accessing protected resources (e.g. via save(), read()...) the "Auth-Token" is added to the request header of the outgoing request.
This is done in the following way:
The pipe's method (e.g. remove) delegates the 'http invocation' to the AeroGear.ajax() function (see [1]) including options and (jQuery) ajax settings. Now the Ajax function wants to add the required AuthIdentifier on its caller (the rest pipe), see [2]. Inside of the RestPipe's addAuthIdentifier (see [3]) a simple delegation to the addAuthIdentifier() of the "auth module" is done. In this function the Auth-Token header is applied (see [4]).
Not sure, but it feels a bit wrong that the headers are being passed around. Wouldn't it be more natural if the "rest pipe" would just "read" the auth-token and apply it to its own headers? Instead of passsing the header map around?
[1] https://github.com/aerogear/aerogear-js/blob/master/src/pipeline/adapters/rest.js#L376
[2] https://github.com/aerogear/aerogear-js/blob/master/src/utilities/aerogear.utilities.js#L45
[3] https://github.com/aerogear/aerogear-js/blob/master/src/pipeline/adapters/rest.js#L50
[4] https://github.com/aerogear/aerogear-js/blob/master/src/authentication/adapters/rest.js#L54