I'm now Implementing Authorization to PhotArk . When doing so, I encountered a problem of identifying from where the JSON RPC request came from.
In this case I have no other choice than sending the information of the user, who is sending this requests with each JSON RPC call. Here, at the time of page load, I retrieve a unique random token using a http request and then sends that token with every JSON RPC request. So the back end can Identify who is the user calling this service and provide the appropriate response according to his permissions. In this case If we are sending the token as a parameter of the JSON RPC call, then a new GallerySecuruty interface should be written - which contains some methods with the gallery interface have, but with an additional token parameter. This GallerySecuruty interface will be then extended by gallery. Please let me know if this is OK Or if any one have any better way to implementing this. Thanks in advance Suho
