I wonder if

"GET /users?username={username}&pwd={password}"

is safe enough, as these URIs might get cached somewhere given it is GET (though not sure if the caching of URIs can happen with HTTPS).

Might make sense considering treating this as an action request, with the credentials being POSTed to /users resource and expecting a validated user rep back.

Cheers, Sergey



On 20/02/13 16:06, Colm O hEigeartaigh wrote:
A second thought is that an API to return the User matching the given
username + password would be quite nice, unless there is another way of
doing this that I am missing. WDYT?

Colm.

On Wed, Feb 20, 2013 at 4:04 PM, Colm O hEigeartaigh <cohei...@apache.org> wrote:


Thanks Jan, I have updated it. The "old" API method returns "null" if the
User does not exist, whereas the new API does not seem to return anything.
Would it not be better in both cases to return "false" explicitly? Or are
there backwards compatibility concerns about changing this?

Colm.


On Wed, Feb 20, 2013 at 4:00 PM, Jan Bernhardt <jbernha...@talend.com> wrote:

Hi Colm,

The description is wrong, this method returns a boolean.

Best regards.
Jan

-----Original Message-----
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, 20 February 2013 16:48
To: dev@syncope.apache.org
Subject: API query

Hi all,

From the wiki:

https://cwiki.apache.org/confluence/display/SYNCOPE/REST+API+upgrade#RESTAPIupgrade-UserService

GET /user/verifyPassword/{username}?password={password}
GET /users?username={username}&pwd={password}
Returns user if username and password match with an existing account.
This method actually returns a boolean not the user, and so the description is invalid.

Could someone clarify whether the new API is intended to return a boolean or the User?

Colm.


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com










--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
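
The concern raised at the top of this thread, as an added example (not code from the thread or from Syncope): a stand-in service built on Python's standard-library http.server receives the same credentials once in the query string of GET /users and once in a POST body, and records what its access log would keep for each. The handler, the sample username and password, and the run_demo helper are constructed for illustration.

```python
import http.server
import threading
import urllib.parse
import urllib.request

access_log = []  # stands in for the server's access log file


class Handler(http.server.BaseHTTPRequestHandler):
    """Hypothetical endpoint: the /users path mirrors the thread, the rest is assumed."""

    def log_message(self, fmt, *args):
        # The stock handler logs the request line; capture it instead of writing to stderr.
        access_log.append(fmt % args)

    def _reply(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        self._reply()

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        self.rfile.read(length)  # credentials arrive in the body, not in the URI
        self._reply()


def run_demo(username="alice", password="s3cret-constructed"):
    """Send the same (constructed) credentials both ways; return the two log lines."""
    access_log.clear()
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    creds = urllib.parse.urlencode({"username": username, "pwd": password})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        opener.open(f"{base}/users?{creds}").close()                # GET, query string
        opener.open(f"{base}/users", data=creds.encode()).close()   # POST, form body
    finally:
        server.shutdown()
        server.server_close()
    return list(access_log)


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

TLS protects the URI on the wire, but the request line is logged after decryption at the server or at any TLS-terminating proxy, so the GET form leaves the password in that log either way.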