Very simple questions: 99% of times a system does not have the user's secret but only some hashed form of it. I need to pass the clear-text password to the verifySecret method in the Provided credentials, in order to match it with the one in the basic authentication header.
Is all the BasicAuthentication code useless unless I know the user's secret or there's something I'm missing? Right now I'm basically rewriting that code to apply bcrypt to the received password and compare it with the hashed value i retrieve from the user service. I see some nice-to-have features like fastfutures and secure comparisons, but if I can only compare to the clear text data it's not much use. Something like a "mapSecret" would be useful. Thanks G object UserCredentials { case object Missing extends UserCredentials abstract case class Provided(username: String) extends UserCredentials { def verifySecret(secret: String): Boolean } } -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscr...@googlegroups.com. To post to this group, send email to akka-user@googlegroups.com. Visit this group at http://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.