I'm working on Security not initialized in OC_CLIENT mode <https://jira.iotivity.org/browse/IOT-693>. I think I must have messed something up, because I'm finding that when my client sends a GET to a secured resource, the server cannot find the right ACE, because the identity encoded in the requestinfo is all 0s. So I always get UNAUTHORIZED.
My understanding is that a request should contain the device ID of the requesting device. The server will use this as subject id to find an ACE. Is this correct? I've been poking around in the sources but I cannot find where/how the client ID gets put into the request. If somebody could point me in the right direction I would appreciate it. I also don't see how the server does a credential check on requests. Is there an overview of how this is supposed to work somewhere? Thanks, Gregg -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161005/87236acc/attachment.html>
