[ 
https://issues.apache.org/jira/browse/OAK-6144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15997039#comment-15997039
 ] 

angela commented on OAK-6144:
-----------------------------

[~baedke], since this is likely to involve extensions to exported API, i would 
appreciate if you would provide a patch for review including tests (and if 
needed update of documentation). thanks.

/cc: [~alex.parvulescu], [~tripod]

> ExternalIdentity should have a method indicating if an identity is actually 
> active
> ----------------------------------------------------------------------------------
>
>                 Key: OAK-6144
>                 URL: https://issues.apache.org/jira/browse/OAK-6144
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: auth-external
>            Reporter: Manfred Baedke
>            Assignee: Manfred Baedke
>
> The interface ExternalIdentityProvider currently offers the method 
> getIdentity(ExternalIdentityRef) to resolve a reference to an external 
> Identity, but there is no way to tell if the external identity is considered 
> active by the identity provider. The ability to resolve the reference doesn't 
> mean that the resulting identity may actually be used for authentication or 
> authorization.
> If ExternaIIdentity isn't able to express this difference, it's hard to come 
> up with a sensible implemenation of e.g. 
> SynchronizationMBean#purgeOrphanedUsers(), because the ability to resolve a 
> reference to an external identity doesn't mean that the corresponding Oak 
> user is still valid.
> A new method ExternalIdentiy#isActive() would allow us to clearly define the 
> notion of an "orphaned user".



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to