Considering the simultaneous login attempt, explained by Darshana, for same account by different devices, AuthenticationContext would be the best place. Note that this attempt may be from the owner of the user or by some other. The AuthenticatorContext will be created when the flow is initialized for the request.
A simple authenticator to get an idea for you would be FIDOAuthenticator and FacebookAuthenticator. +1 for AuthenticationContext. Thanks, Chamara Philips. On Mon, Oct 26, 2015 at 9:15 AM, Darshana Gunawardana <darsh...@wso2.com> wrote: > There can be situations where the same user simultaneously try to login > with two devices which leads to having two valid tokens for a one user. So > this token cannot be treated as an user's attribute; It should have more > finer scope. > > And I assume these tokens are generated at the time SMSOTP authenticator > get invoked on *each* authentication request. Hence I assume the token is > valid only for that particular authentication request. Ideally these tokens > should stored in a context specific to the Authenticator or to a Step. > Since the current version of the authentication framework doesn't have such > context, the best place to store these token is in the > AuthenticationContext since the AuthneticationContext have the scope as the > the full authentication flow. > > Hence, > > On Sun, Oct 25, 2015 at 6:00 PM, Malaka Silva <mal...@wso2.com> wrote: > >> Yes I guess we are referring to AuthiticationContext as caching here. I >> also agree that it should be stored there. >> > > +1 for storing user tokens on AuthenticationContext. > > Thanks, > Darshana. > > > > >> >> On Sat, Oct 24, 2015 at 2:43 PM, Chamara Philips <chama...@wso2.com> >> wrote: >> >>> Hi, >>> Hope this token is generated by code and sent to the user's phone for >>> him to input. Then you validate the user with WSO2 IS, matching the token. >>> After he has used it once he can't use that again. >>> Based on that assumption, I think the best option is to go with cache. >>> Usually userstore is not used in scenarios like this. >>> When you generate the new token for the same user you can update the >>> cache and continue. >>> >>> Hope it helps. >>> >>> Thanks. >>> >>> On Sat, Oct 24, 2015 at 1:58 PM, Elilmatha Sivanesan <elilma...@wso2.com >>> > wrote: >>> >>>> Hi >>>> >>>> I'm writing SMSOTP Authenticator for IS, For that I'm generating a >>>> token to be sent to the phone, I have the requirement to store that >>>> generated tokens. >>>> >>>> For that what is the best option to go with.(user store/cache/...). >>>> >>>> Thanks. >>>> -- >>>> *S.Elilmatha* >>>> Associate Software Engineer, >>>> >>>> WSO2 Inc.; http://wso2.com >>>> lean.enterprise.middleware >>>> >>>> Mobile 0779842221. >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Hareendra Chamara Philips >>> *Software Engineer* >>> Mobile : +94 (0) 767 184161 <%2B94%20%280%29%20773%20451194> >>> chama...@wso2.com <thili...@wso2.com> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> >> Best Regards, >> >> Malaka Silva >> Senior Tech Lead >> M: +94 777 219 791 >> Tel : 94 11 214 5345 >> Fax :94 11 2145300 >> Skype : malaka.sampath.silva >> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 >> Blog : http://mrmalakasilva.blogspot.com/ >> >> WSO2, Inc. >> lean . enterprise . middleware >> http://www.wso2.com/ >> http://www.wso2.com/about/team/malaka-silva/ >> <http://wso2.com/about/team/malaka-silva/> >> https://store.wso2.com/store/ >> >> Save a tree -Conserve nature & Save the world for your future. Print this >> email only if it is absolutely necessary. >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Regards, > > > *Darshana Gunawardana*Senior Software Engineer > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware > -- Hareendra Chamara Philips *Software Engineer* Mobile : +94 (0) 767 184161 <%2B94%20%280%29%20773%20451194> chama...@wso2.com <thili...@wso2.com>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
