What's the difference between using credentials and authenticator on CBLReplicator?

70 views
Skip to first unread message

Brendan Duddridge

unread,
Mar 16, 2016, 5:04:15 AM3/16/16
to Couchbase Mobile

I'm just curious what's the difference between using credentials or an authenticator on a CBLReplicator object?


The documentation seems to imply they are similar, although the wording is slightly different.


For credential:


/** The credential (generally username+password) to use to authenticate to the remote database.

    This can either come from the URL itself (if it's of the form "http://user:pa...@example.com")

    or be stored in the NSURLCredentialStorage, which is a wrapper around the Keychain. */


NSURLCredential *credential = [NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistenceSynchronizable];

self.currentPull.credential = credential;


and for authenticator:


/** An object that knows how to authenticate with a remote server.

    CBLAuthenticator is an opaque protocol; instances can be created by calling the factory methods

    of the class of the same name. */


id<CBLAuthenticator> authenticator = [CBLAuthenticator basicAuthenticatorWithName: username password: password];

self.currentPull.authenticator = authenticator;


Is it better to have both setup like above, or just credential, or just authenticator?

To me they both appear to kind of do the same thing, namely provide a username and password to the CBLReplicator so it can authenticate against the remote server.

Just curious. Currently I have them both set and it seems to do no harm.


Thanks,

Brendan

Jens Alfke

unread,
Mar 16, 2016, 11:18:34 AM3/16/16
to mobile-c...@googlegroups.com
The credential API came first. Authenticators are a generalization that supports more auth systems.

—Jens 
--
You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mobile-couchba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/0c8a2caf-27af-483c-83cc-86a2c78c63b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Brendan Duddridge

unread,
Mar 16, 2016, 2:11:21 PM3/16/16
to Couchbase Mobile
So then I should use only a CBLAuthenticator?

Thanks!

Brendan

Jens Alfke

unread,
Mar 16, 2016, 2:27:09 PM3/16/16
to mobile-c...@googlegroups.com

On Mar 16, 2016, at 11:11 AM, Brendan Duddridge <bren...@gmail.com> wrote:

So then I should use only a CBLAuthenticator?

If you just need HTTP auth, you can use either. An NSURLCredential has the small advantage that the password will only be in memory while an HTTP request is being assembled and sent. This is good if you’re super paranoid about malicious code scanning your address space looking for sensitive data (as happened in the Heartbleed attack.)

—Jens

Brendan Duddridge

unread,
Mar 16, 2016, 3:32:50 PM3/16/16
to Couchbase Mobile
Hi Jens,

That's interesting. I didn't know that.

So is there any benefit to using the CBLAuthenticator for basic authentication then? If not and it really doesn't matter other than the small benefit of the credential, then I'll use the NSURLCredential instead since a small benefit is better than no benefit. I do store the password in the keychain already though and obtain it from there whenever I need it.

Thanks,

Brendan

Jens Alfke

unread,
Mar 16, 2016, 4:50:49 PM3/16/16
to mobile-c...@googlegroups.com

On Mar 16, 2016, at 12:32 PM, Brendan Duddridge <bren...@gmail.com> wrote:

I do store the password in the keychain already though and obtain it from there whenever I need it.

You shouldn’t even need to register it with the replicator, then — the replicator will automatically look for a credential in the keychain when it starts.

—Jens
Reply all
Reply to author
Forward
0 new messages