Hi Colm, +1 for returning user instead of Boolean for authentication process. I wasn't happy about the current handling anyway, since URL pattern did not reflect a different response type. This way username and password can be seen as "search queries" for a user with matching username and password. If authentication is successful we should return 200 OK, if authentication fails we should return 404 NOT FOUND.
This way we could support both GET for returning matching user (including roles) or HEAD if only Authentication result (TRUE : 200 or FALSE : 404) is required. Applying these changes should be relatively easy. If no other syncope users raise concerns about this, you can create a JIRA issue for this. And we should also take Sergeys comment into account and disable caching for this authentication URL. Best regards. Jan > -----Original Message----- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Mittwoch, 20. Februar 2013 17:06 > To: Jan Bernhardt > Cc: dev@syncope.apache.org > Subject: Re: API query > > A second thought is that a API to return the User matching the given > username + password would be quite nice, unless there is another way of > doing this that I am missing. WDYT? > > Colm. > > On Wed, Feb 20, 2013 at 4:04 PM, Colm O hEigeartaigh > <cohei...@apache.org>wrote: > > > > > Thanks Jan, I have updated it. The "old" API method returns "null" if > > the User does not exist, whereas the new API does not seem to return > anything. > > Would it not be better in both cases to return "false" explicitly? Or > > are there backwards compatilbity concerns about changing this? > > > > Colm. > > > > > > On Wed, Feb 20, 2013 at 4:00 PM, Jan Bernhardt > <jbernha...@talend.com>wrote: > > > >> Hi Colm, > >> > >> The description is wrong, this method returns a boolean. > >> > >> Best regards. > >> Jan > >> > >> > -----Original Message----- > >> > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > >> > Sent: Mittwoch, 20. Februar 2013 16:48 > >> > To: dev@syncope.apache.org > >> > Subject: API query > >> > > >> > Hi all, > >> > > >> > From the wiki: > >> > > >> > > https://cwiki.apache.org/confluence/display/SYNCOPE/REST+API+upgrad > >> > e# > >> > RESTAPIupgrade-UserService > >> > > >> > GET /user/verifyPassword/{username}?password={password} GET > >> > /users?username={username}&pwd={password} Returns user if > username > >> > and password match with an existing account. > >> > This method actually returns a boolean not the user, and so the > >> description is > >> > invalid. > >> > > >> > Could someone clarify whether the new API is intended to return a > >> boolean > >> > or the User? > >> > > >> > Colm. > >> > > >> > > >> > -- > >> > Colm O hEigeartaigh > >> > > >> > Talend Community Coder > >> > http://coders.talend.com > >> > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com
