Giter Club home page Giter Club logo

Comments (3)

iainmcgin avatar iainmcgin commented on June 14, 2024 2

Your reasoning makes sense, and I have seen a few practical examples where the authentication methods varied by platform for a service - for instance, supporting Google Sign-in on Android only. Such variation is usually disastrous though, as you end up locking users out of their accounts when they switch platforms :/

Playing it safe from our perspective and always requiring an app be explicit about the auth methods they support is probably the best course of action for now. So, sounds like this issue now becomes "remove wildcard behavior from spec".

from openyolo-android.

iainmcgin avatar iainmcgin commented on June 14, 2024

I think it would probably be better to just make the proto field optional, rather than having a "special" auth method value that could be accidentally mixed with other values.

from openyolo-android.

dxslly avatar dxslly commented on June 14, 2024

Maybe there is not a compelling reason to support this wildcard? Assumption: From my understanding the client application should always authenticate the retrieved credential therefore a retrieved credential with an unknown authentication method would be of no use to the client.

To avoid this possible scenario the client should only retrieve credentials with supported authentication methods.

Now that I think about this a wildcard seems like an opportunity for clients to potentially shoot themselves in the foot. For example I can imagine the following scenario where an app developer completes their android implementation using a wildcard for authentication method while their client only supports authentication method A, the developer adds a web frontend which supports authentication methods A and B, additional credentials are now available for unsupported authentication method B. Now the android application may receive unsupported credentials which may or may not be accounted for by the developer's implementation.

Additionally this wildcard is set as the default value when using the RetrieveRequest.Builder. If there is a reason to support it I suggest it is changed to an non-default value to help developers avoid the situation described above.

from openyolo-android.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.