Alexander Klimetschek created OAK-4932:

             Summary: DefaultSyncContext.sync(String) could use 
                 Key: OAK-4932
             Project: Jackrabbit Oak
          Issue Type: Improvement
          Components: auth-external
            Reporter: Alexander Klimetschek

Instead of 
 the implementation of the DefaultSyncHandler could use 
{{ExternalIdentityProvider.getIdentity(ExternalIdentityRef)}}, as it looks up 
the reference right before (based on the {{rep:externalId}}) and fails if not 

h4. Reasoning

Implementing {{getUser/Group(id)}} in an ExternalIdentityProvider can be 
difficult, because you need a way to search the external identity system 
efficiently by the local user id, which might not always be the case, if the 
external system uses another id and is only optimized for that.

h4. Consequences

# The only other place using {{ExternalIdentityProvider.getUser(String)}} is 
 in case the user is pre-authenticated and does not exist locally yet. However, 
this is a specific use case that might not apply to all identity providers, in 
which case they could happily skip implementing this method. A note in the 
javadoc could clarify this for implementors.
# {{ExternalIdentityProvider.getGroup(String)}} would then be use in no other 
place (in the sync code) and could even be deprecated, as I can't imagine 
another application specific use case for it.

This message was sent by Atlassian JIRA

Reply via email to