Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Token default for clientId is Null #59

Closed
wants to merge 7 commits into from

Conversation

mattheworiordan
Copy link
Member

The current spec presents an issue for developers that want to authenticate with a wildcard clientId and want the client library to automatically perform this auth for them.

For example, when instancing a library, if specifying useTokenAuth: true, the client will currently always be either an anonymous client (if we assumed clientId defaults to null), or a wildcard client (assuming clientId defaults to *). I do not think we should be encouraging people to use a wildcard clientId by default, so I propose we:

  • Default clientId to null (anonymous) unless specfied
  • We allow the developer to configure the default TokenParams for the client library in the ClientOptions

@paddybyers @SimonWoolf WDYT?

@paddybyers
Copy link
Member

I agree that wildcard should not be automatic. If a token is requested without any clientId specified, then it's anonymous.

@mattheworiordan
Copy link
Member Author

@paddybyers you happy with the proposed defaultTokenParams attribute though as I believe we'll need it to address the shortcoming of a default null clientId

@paddybyers
Copy link
Member

you happy with the proposed defaultTokenParams attribute though as I believe we'll need it to address the shortcoming of a default null clientId

Much as I dislike the sprawling complexity of the API, I don't see another solution.

@mattheworiordan
Copy link
Member Author

Ok, I'll wait for @SimonWoolf thoughts before merging

@SimonWoolf
Copy link
Member

👍. I do think this makes useTokenAuth's behaviour a bit unexpected to someone who isn't very familiar with how our tokens work, but as long as we explain that in the docs for useTokenAuth (what to do if you want a token with the same permissions as you'd have using basic auth, ie defaultTokenParams: {clientId: '*'}), I guess that isn't a problem.

(I've no strong opinion on whether client libs should hold defaults for ttl & capability, so I'll stay out of that discussion)

Revisions can be made by anyone, so ensure we always link to the version we’ve created
This solves one problem for a developer whereby they can now specify a clientId wildcard token and useTokenAuth so that the client library automatically allows any clientId to be used without actually having assumed a clientId
Addresses issue whereby a client authenticated with a wildcard clientId value (indicating any clientId can be assumed), is not reflected to anyone observing the client i.e. Auth#clientId is null, yet Auth#clientId is also null when a client is anonymous.

Addresses realtime issue #349 and wiki issue #31

See ably/ably-ruby#66 for this issue discovered in ably-ruby
When versioning is implemented, it will ensure that the REST API provides consistent defaults
@mattheworiordan
Copy link
Member Author

This has been merged in...

@mattheworiordan mattheworiordan deleted the token-default-wildcard-client-id branch November 20, 2015 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants