[ https://issues.apache.org/jira/browse/OAK-6144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15997039#comment-15997039 ]
angela commented on OAK-6144: ----------------------------- [~baedke], since this is likely to involve extensions to exported API, i would appreciate if you would provide a patch for review including tests (and if needed update of documentation). thanks. /cc: [~alex.parvulescu], [~tripod] > ExternalIdentity should have a method indicating if an identity is actually > active > ---------------------------------------------------------------------------------- > > Key: OAK-6144 > URL: https://issues.apache.org/jira/browse/OAK-6144 > Project: Jackrabbit Oak > Issue Type: New Feature > Components: auth-external > Reporter: Manfred Baedke > Assignee: Manfred Baedke > > The interface ExternalIdentityProvider currently offers the method > getIdentity(ExternalIdentityRef) to resolve a reference to an external > Identity, but there is no way to tell if the external identity is considered > active by the identity provider. The ability to resolve the reference doesn't > mean that the resulting identity may actually be used for authentication or > authorization. > If ExternaIIdentity isn't able to express this difference, it's hard to come > up with a sensible implemenation of e.g. > SynchronizationMBean#purgeOrphanedUsers(), because the ability to resolve a > reference to an external identity doesn't mean that the corresponding Oak > user is still valid. > A new method ExternalIdentiy#isActive() would allow us to clearly define the > notion of an "orphaned user". -- This message was sent by Atlassian JIRA (v6.3.15#6346)