Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
How does authentication work? #462
After reading the documentation, I see that it's possible to check that a "username" key has been defined in the Context in order to allow or deny access to a resource. However, there is nothing to indicate how this "username" got there.
Could the documentation be improved so that it provides a more complete explanation of how this might be used? How would a user log on/log off? How would a wisdom component check a password, and what would it do in the event of success/failure? Is the "context" something that a malicious user could hack, by injecting a random username?
2015-03-31 13:40 GMT+02:00 Kricket email@example.com:
Each authenticated action can define the name of the authenticator is want
About the documentation, definitely. The current documentation is quite
The user login / logoff is not directly defined by the authenticator (just
For instance, in
So, injecting a random username would not let him access to denied