The login method response, when successful, contains useful information about the account and notably, the authentication token value that can be later used to do a resume style login when re-establishing a connection to the server.
Presently for login methods that use the _login function, this result is only checked to verify the HAMK value, and then dropped. For the loginWithToken method, the result from the server response is returned as the second parameter to the provided callback.
This commit causes the result value to be passed back to the caller as a second parameter on the callback from the _login function as well, mirroring what is already done for loginWithToken.
There should be no security implications to making this login response easily accessible in this way, since the application can already listen for the appropriate message event on the client object to obtain the same information. This change simply makes it much easier to get the return value, and makes loginWithToken and all of the other methods use the same callback signature.
There are no backward compatibility issues with this update. It should be safe under semver for a x.x.+1 release.
Thanks for considering this change. I need it for my app to get access to the authentication token.
The
login
method response, when successful, contains useful information about the account and notably, the authenticationtoken
value that can be later used to do aresume
style login when re-establishing a connection to the server.Presently for login methods that use the
_login
function, this result is only checked to verify theHAMK
value, and then dropped. For theloginWithToken
method, the result from the server response is returned as the second parameter to the provided callback.This commit causes the result value to be passed back to the caller as a second parameter on the callback from the
_login
function as well, mirroring what is already done forloginWithToken
.There should be no security implications to making this login response easily accessible in this way, since the application can already listen for the appropriate
message
event on the client object to obtain the same information. This change simply makes it much easier to get the return value, and makesloginWithToken
and all of the other methods use the same callback signature.There are no backward compatibility issues with this update. It should be safe under semver for a x.x.+1 release.
Thanks for considering this change. I need it for my app to get access to the authentication token.
Vaughn