Hello Gennady,
This plan sounds great.
From: che-dev-bounces@xxxxxxxxxxx [mailto:che-dev-bounces@xxxxxxxxxxx]
On Behalf Of Gennady Azarenkov
Sent: Wednesday 13 May 2015 16:03
To: che developer discussions
Subject: Re: [che-dev] Assigning alias to created user
Hello Alexander,
We internally discussed this.
Your option #1 sounds OK but we decided not to use the aliases, we realised that we have to remove or replace with something else if we want to use aliases for oAuth authentication (as I explained previously).
Instead we add "name" field in User object and make API use it for authentication and add ability to modify it. I think we deprecate and then remove "email" field (mostly because it is quite confusing that "email" is used for authentication).
Step 1 (it will let your implementation work as expected)
1/ We add "name" field to User, use it for plain (user/password) authentication and make it editable.
2/ We deprecate and then remove "email" field (user's email will be accessible in the Profile along with other fields but we wont use it for authentication).
3/ Until step 2 we continue to use and support "aliases" for oAuth authentication only.
Step 2 (next API version, not critical)
1/ We deprecate and then remove "aliases" from User
2/ We add oAuth login infos (provider and user name) to the User Preferences and make oAuth authentication use it instead of aliases.
On Mon, May 11, 2015 at 12:57 PM, Bolshakov, Alexander <alexander.bolshakov@xxxxxxx> wrote:
Hello Gennady,
Thank you for history background, it was helpful to understand the motivation for aliases.
I am working on local Che installation having multiple users and workspaces. My use case is very simple:
I want to create user with given username and password, not associated with any external account. Because user id is auto generated I came to the idea of using alias for storing the human-readable username, that uses chooses for himself. I see two options
to implement this scenario with minimal modifications to Che APIs:
1)
The ideal case would be adding option to attach user DTO to /api/user/create POST request. Then the scenario would look like:
a.
New user enters his username and password
b.
Following JSON is sent to /api/user/create?token=token as POST request: {"id":"","password":"password","aliases":["username"],"email":"email"}, user DTO is returned.
(possible new functionality)
c.
New user logs in with his username and password via /api/auth/login
This insecure behavior would be limited for local installations only.
2)
The second possibility for implementing this scenario would be:
a.
New user enters his username and password
b.
POST request sent to /api/user/create?token=token, user DTO is returned
c.
POST request sent to /api/auth/login with user authentication token
d.
POST request sent to /api/user/password, to set users password
e.
POST request sent to /api/user/aliases?new_alias=username, to attach username to user aliases
(possible new functionality)
As far as I understand this option is aligned with OAuth scenario.
I also have a question regarding the second scenario: how the newly created user is
supposed to login (thus its password is automatically generated), is this done using session-access-key cookie?
Regards,
Alexander
From:
che-dev-bounces@xxxxxxxxxxx [mailto:che-dev-bounces@xxxxxxxxxxx]
On Behalf Of Gennady Azarenkov
Sent: Monday 11 May 2015 08:42
To: che developer discussions
Subject: Re: [che-dev] Assigning alias to created user
Hello Alexander,
Some time ago we considered aliases primarily as alternative mechanism for OAuth authentication.
I.e user would be able to use several different third party accounts like google, github, facebook etc to be authenticated into Codenvy.
(it is opposite with current situation when yours github and google authentication leads to create and use 2 different accounts in Codenvy)
Taking into account that such a mechanism requires some non trivial development we added "alias" entity into model but not implement it as such to make sure it is really necessary.
So far it is not clear. :)
So, I understand that you want to be able to manage aliases, you are correct, behaviour like we have now is rather inconsistent (it is not implemented in fact).
So, before we decide about implementation, please explain how do you want to USE aliases. Do you have in mind some alternative authentication mechanism or something else?
On Sun, May 10, 2015 at 9:45 AM, Bolshakov, Alexander <alexander.bolshakov@xxxxxxx> wrote:
Hello Gennady,
The use case for these APIs is creation of user with custom username. Currently after a call to /api/user/create user id is auto generated and the list of aliases is empty.
One possible solution for this use-case is adding these APIs. The DELETE API is optional and is needed just for integrity reasons:
POST /api/user/alias – Addition of specified alias to the list of aliases of current user
DELETE /api/user/alias/${alias_name} – Deletion specified alias from the list of aliases of current user
Second solution is adding a “aliases” parameter to /api/user/create API, so the new user would already have the supplied aliases. Second solution is preferable.
Regards,
Alexander
From:
che-dev-bounces@xxxxxxxxxxx [mailto:che-dev-bounces@xxxxxxxxxxx]
On Behalf Of Gennady Azarenkov
Sent: Friday 08 May 2015 19:57
To: che developer discussions
Subject: Re: [che-dev] Assigning alias to created user
Hi Alexander,
Yes sure, just please give some more details about usecases you have in mind for this service to make sure we are talking about the same things
Cheers,
On Thu, May 7, 2015 at 5:20 PM, Bolshakov, Alexander <alexander.bolshakov@xxxxxxx> wrote:
Hello Sergii,
Would contribution of following extension of APIs be acceptable?
1)
POST /api/user/alias
2)
DELETE /api/user/alias/${alias_name}
From:
che-dev-bounces@xxxxxxxxxxx [mailto:che-dev-bounces@xxxxxxxxxxx]
On Behalf Of Sergii Kabashniuk
Sent: Thursday 07 May 2015 16:36
To: che developer discussions
Subject: Re: [che-dev] Assigning alias to created user
Right now we have no such ability.
We had this feature in our mind when we developing User API.
Generally speaking in future we want to have something like on Github,
when user is able to associate with his identity record several aliases aka email.
On Thu, May 7, 2015 at 10:08 AM, Bolshakov, Alexander <alexander.bolshakov@xxxxxxx> wrote:
Hello Che developers,
I wonder if there is an API to assign aliases to newly created Che users, as far as I understand from code no such API exists. When new Che user is created (POST to api/user/create)
its id is automatically generated by user service and aliases list is empty. Is there a way to assign a human-readable alias to this user?
Best Regards,
Alexander Bolshakov
Developer
Cloud Expirience DevX DI Core
SAP Labs Israel Ltd. 15 Hatidhar St. Ra'anana 43665 Israel
Tel:
+972 9 7779677 ; Mobile: +972 54 927546 ; Fax: +972 7 47609677
_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev
_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev
_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev
_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev
|
