Closed coyotespike closed 7 years ago
For easy reference, here are other issues addressing the topic.
Oh nice, it would be great to add them to the README ;)
Have just set up a basic wiki where we can maybe start collecting together info like this from users?
Please feel free to move/add anything there that you think others might find handy. And that way no need to wait for me to merge, etc.
Cheers :-)
I read through all of the suggested docs and I still don't understand how I should handle authentication, what the lifecycle for uid/sessions is and during what event I should assign or check them. Do I need to wrap sente routes with wrap-session middleware?
Is there a full example somewhere? Would appreciate it.
I've read all the discussions in the issues about authorization and authentication. Here's my current understanding.
:uid tag by which Sente identifies a client to enable server-side pushing. After authentication, simply set the :uid tag.
:uid for two purposes, which is efficient. Thereafter Sente checks for the :uid anyway. However this method doesn't allow token timeout, and the Buddy library expects the token to live in :identity.
:identity or with :uid should be encrypted in some special way. If not we are essentially checking for the mere existence of the token, whatever it is.
:identity then we also get the Buddy functions. As long as Sente passes the normal Ring session back and forth over the web sockets, then we can set and pass tokens on client and server sides in the normal Buddy way. It seems this is preferable to duplicating security functionality to work with Sente. And this is why Sente is or can be orthogonal to Buddy/Friend.
How does that sound, especially 5?
One more follow up question.
In #173 it's pointed out that we can use a params option when creating a channel socket. If I use that, should I be starting the router with the :params option, sending my authorization request, and then close the router? I would then run (sente/start-chsk-router! ch-chsk event-msg-handler*) again for a specific future request, without the :params.
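The session-based :uid flow discussed in this thread, as an added example that is not part of the thread and not Sente's own code: a Ring login handler stores :uid in the session, Sente reads it through :user-id-fn, and the event handler rejects events from connections whose session has no :uid. It assumes Compojure, ring-defaults and the http-kit adapter; the users map, the route paths and the handler names are hypothetical.

```clojure
(ns example.sente-auth
  (:require [compojure.core :refer [defroutes GET POST]]
            [ring.middleware.defaults :refer [wrap-defaults site-defaults]]
            [taoensso.sente :as sente]
            [taoensso.sente.server-adapters.http-kit :refer [get-sch-adapter]]))

;; Constructed sample user store. A real application verifies a password
;; hash (for example with Buddy) instead of comparing plaintext.
(def users {"alice" "constructed-password"})

;; Sente derives a connection's user id from the Ring request.
;; Reading [:session :uid] is also what Sente does by default.
(let [{:keys [ch-recv ajax-post-fn ajax-get-or-ws-handshake-fn]}
      (sente/make-channel-socket! (get-sch-adapter)
        {:user-id-fn (fn [ring-req] (get-in ring-req [:session :uid]))})]
  (def ring-ajax-post ajax-post-fn)
  (def ring-ajax-get-or-ws-handshake ajax-get-or-ws-handshake-fn)
  (def ch-chsk ch-recv))

;; Ordinary Ring login: on success the :uid goes into the session,
;; on failure any existing :uid is dropped.
(defn login-handler [{:keys [session params]}]
  (let [{:keys [user-id password]} params]
    (if (and user-id (= password (get users user-id)))
      {:status 200 :body "" :session (assoc session :uid user-id)}
      {:status 401 :body "" :session (dissoc session :uid)})))

;; Each event carries the Ring request of its connection. Sente's own
;; :chsk/* events pass through; application events need a session :uid.
(defn event-msg-handler* [{:keys [id ring-req ?reply-fn]}]
  (let [uid (get-in ring-req [:session :uid])]
    (cond
      (= "chsk" (namespace id)) nil
      (nil? uid) (when ?reply-fn (?reply-fn {:error :unauthenticated}))
      :else      (when ?reply-fn (?reply-fn {:ok true :uid uid})))))

(defroutes routes
  (POST "/login" req (login-handler req))
  (GET  "/chsk"  req (ring-ajax-get-or-ws-handshake req))
  (POST "/chsk"  req (ring-ajax-post req)))

;; The session (and anti-forgery) middleware wraps the Sente routes as well,
;; otherwise :user-id-fn has no :session to read.
(def app (wrap-defaults routes site-defaults))

(defn start-router! []
  (sente/start-chsk-router! ch-chsk event-msg-handler*))
```

For a WebSocket connection the :ring-req is the handshake request, so a client that logs in after connecting has to reconnect its channel socket before the new :uid is seen.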