Cook
Authorization vs Authentication
We seem to be using "authorization" in several places where we mean "authentication". For example:
- The :authorization key in our config files (example-prod-config.edn:3)
- The :authorization-middleware entry in our internal settings object (components.clj:367)
- In our authentication middleware implementations (spnego.clj:53)
- In the corresponding documentation.
I think this stems at least in part from the fact that the HTTP 401 response code kind of conflates the two terms—but it would really help my sanity when reading the Cook source code if we can be consistent and accurate with these two terms.
For outward-facing things like the config file, I suggest that we add new keywords, and deprecate (but still support) the old ones. For symbols/names that don't leak outside the scheduler, we should be able to do an audit and decide what should or shouldn't be renamed.
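One way the deprecate-but-still-support approach proposed above could look for the config key, as an added example that is not part of the original issue or Cook's code. The replacement keyword :authentication, the namespace and the function names are hypothetical, and the sample config values are constructed.

```clojure
(ns example.auth-config)

;; Hypothetical names: :authentication is an assumed replacement for the
;; :authorization key named in the issue; it is not taken from Cook.
(def deprecated-key :authorization)
(def preferred-key :authentication)

(defn- warn [msg]
  (binding [*out* *err*]
    (println "WARN:" msg)))

(defn resolve-authentication
  "Returns the authentication settings from a parsed config map.
  Accepts the deprecated key with a warning, rejects conflicting values,
  and fails closed when neither key is set."
  [config]
  (let [old-value (get config deprecated-key)
        new-value (get config preferred-key)]
    (cond
      ;; Two different settings would make it ambiguous which one is enforced.
      (and (some? old-value) (some? new-value) (not= old-value new-value))
      (throw (ex-info "Both keys are set with different values"
                      {:conflicting [deprecated-key preferred-key]}))

      (some? new-value)
      (do (when (some? old-value)
            (warn (str deprecated-key " duplicates " preferred-key "; remove it")))
          new-value)

      (some? old-value)
      (do (warn (str deprecated-key " is deprecated; use " preferred-key))
          old-value)

      ;; Never start with no authentication scheme because of a renamed key.
      :else
      (throw (ex-info "No authentication scheme configured"
                      {:expected preferred-key})))))

(defn normalize-config
  "Rewrites a config map so downstream code only sees the preferred key."
  [config]
  (-> config
      (dissoc deprecated-key)
      (assoc preferred-key (resolve-authentication config))))

;; Constructed sample inputs in the shape of a parsed EDN config map.
(comment
  (normalize-config {:port 12321 :authorization {:scheme :spnego}})
  (normalize-config {:port 12321}))
```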