Spec - ProtectedSource
A strict extension of the data source API. Used to provide network-safe access to the database.
Generally an authenticated data source will be created by `createProtectedSource`, but network sources can proxy an auth source on the server.
Auth Actions
In addition to the Source actions, the following actions will be supported for a protected source.
PutPermissionRules
Configure permissions of reading/writing/administrating a doc within a domain.
CreateSession
Creates a session using the authentication providers
CreateAnonymousSession
Takes a domain and creates a session for an anonymous user.
DestroySession
Log out of a session.
VerifySession
Validates a session object.
VerifyAuth
Takes a domain and an auth object, and validates the authentication. Either by verifying the session, or by performing a step in the authentcation process.
SetAccountName
This feature is not yet tested/complete, but it is meant to allow a user to change their username.
PutAuthProvider
Allows an anonymous or authenticated user to add or set an authentication provider for their account. May be used by an anonymous user to add an email address, for example. This feature is not yet tested/complete.
observeDoc(domain, name, auth)
An additional argument is available on observeDoc, which allows you to specify the authentication object for the subscription. If the authentication fails, observeDoc will asyncronously reject.
observeDocChildren(domain, name, auth)
Auth-safe interface for observeDocChildren.