Hi
On 20/02/13 19:16, Sergey Beryozkin wrote:
I wonder if
GET /users?username={username}pwd={password}
is safe enough, as these URIs might get cached somewhere given it is GET
(though not sure if the caching of URIs can happen with HTTPS).
Might make sense considering treating this as an
hEigeartaigh [mailto:cohei...@apache.org]
Sent: Mittwoch, 20. Februar 2013 17:06
To: Jan Bernhardt
Cc: dev@syncope.apache.org
Subject: Re: API query
A second thought is that a API to return the User matching the given
username + password would be quite nice, unless there is another way of
doing
Hi Colm,
The description is wrong, this method returns a boolean.
Best regards.
Jan
-Original Message-
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Mittwoch, 20. Februar 2013 16:48
To: dev@syncope.apache.org
Subject: API query
Hi all,
From the wiki:
Thanks Jan, I have updated it. The old API method returns null if the
User does not exist, whereas the new API does not seem to return anything.
Would it not be better in both cases to return false explicitly? Or are
there backwards compatilbity concerns about changing this?
Colm.
On Wed, Feb
A second thought is that a API to return the User matching the given
username + password would be quite nice, unless there is another way of
doing this that I am missing. WDYT?
Colm.
On Wed, Feb 20, 2013 at 4:04 PM, Colm O hEigeartaigh cohei...@apache.orgwrote:
Thanks Jan, I have updated it.
I wonder if
GET /users?username={username}pwd={password}
is safe enough, as these URIs might get cached somewhere given it is GET
(though not sure if the caching of URIs can happen with HTTPS).
Might make sense considering treating this as an action request, with
the credentials being
