Skip to content

Authentication

Jump to bottom
Jóhannes Erlingsson edited this page May 15, 2017 · 1 revision

To do anything with the Meniga system a user must be authenticated. The standard way to authenticate is with user name and password.

The actual implementation of authenticating is left to the user of the SDK. The SDK provides an interface, AuthenticationProvider through which necessary headers and cookies can be set. Often, authentication takes the form of an authentication token, which is retrieved by calling an endpoint with a user name and a password. The server then sends the token back to the user's authentication class that implements the AuthenticationProvider interface. The SDK system will make sure that the authentication provider implementation is called at the right time to provide the necessary headers and cookies for the server to maintain an authenticated session with the client. The concrete headers and cookies vary between systems and are not specified by the SDK.

For the authentication provider to work it has to be injected into the SDK during setup through the MenigaSettings class.

The AuthenticationProvider interface requires you to implement the following methods:

List<KeyVal> getHeaders();

List<HttpCookie> getCookies();

This is all that is needed to maintain an authenticated session with a server. The values that you put into the headers and the cookies depends on your system and can be anything. To retrieve an authentication token you will have to either implement your own client logic or by using the SDKs generic web call mechanism:

MenigaTask<JSONObject> task = APIRequest.genericRequest(
	HttpMethod.POST,
	"/login/",
	body,
	null
);
task.getTask().continueWith(new Continuation<JSONObject, Object>() {
	@Override
	public Object then(Task<JSONObject> task) throws Exception {
		// TODO retrieve token and use it for session authentication

		return null;
	}
});

Keep in mind that you have to have inited the SDK before you can call generic calls through the SDK but you do not need to have a session token.

Once you have retrieved your authentication token (or it's equivalent, depending on the system), the SDK will automatically query the authentication provider by calling getHeaders and getCookies, here's an example of how that could work:

@Override
public List<KeyVal> getHeaders() {
	if(this.headers == null) {
		this.headers = new ArrayList<>();
		this.headers.add(new KeyVal<>("Authorization", "Bearer " + this.accessToken));
	}
	return this.headers;
}

@Override
public List<HttpCookie> getCookies() {
	// If cookies are used return them, can be null if they are not used
	return this.cookies;
}

Here you can see how authentication is first done via a separate network call, tokens are retrieved, stored and provided in the 'getHeaders' method. Each time the SDK performs a url request it will call the 'getHeaders' method of this authentication provider and add the header dictionary to the url request. In the same way cookies can be retrieved from an authentication check and stored for later use.

Clone this wiki locally