
Moved retrier production disclaimer above example for better reinforcement.

Christian Noon 9 years ago
parent
commit
2f005e490b
1 changed files with 4 additions and 2 deletions

+ 4 - 2
README.md

@@ -1149,6 +1149,10 @@ sessionManager.request("https://httpbin.org/get", withMethod: .get)
 
 The `RequestRetrier` protocol allows a `Request` that encountered an `Error` while being executed to be retried. When using both the `RequestAdapter` and `RequestRetrier` protocols together, you can create credential refresh systems for OAuth1, OAuth2, Basic Auth and even exponential backoff retry policies. The possibilities are endless. Here's a short example of how you could implement a refresh flow for OAuth2 access tokens.
 
+> Please note that this is not a global `OAuth2` solution. It is merely an example demonstrating how one could use the `RequestAdapter` in conjunction with the `RequestRetrier` to create a thread-safe refresh system. 
+
+> To reiterate, **do NOT copy** this sample code and drop it into a production application. This is merely an example. Each authentication system must be tailored to a particular platform and authentication type.
+
 ```swift
 class OAuth2Handler: RequestAdapter, RequestRetrier {
     private typealias RefreshCompletion = (_ succeeded: Bool, _ accessToken: String?, _ refreshToken: String?) -> Void
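Review bot: The second added blockquote tells readers not to copy the sample into a production application but does not say what the sample lacks. The context shown in the next hunk header already states that the example only checks for a `401` response code, so name that limitation here or point to that paragraph, which makes the warning actionable. Two smaller points on the first added line: it ends with a trailing space after "refresh system.", and it writes `OAuth2` in backticks while the paragraph directly above it and the removed original both write OAuth2 as plain text. Pick one form and use it in both places.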
@@ -1277,8 +1281,6 @@ The example above only checks for a `401` response code which is not nearly robu
 
 Another important note is that this authentication system could be shared between multiple session managers. For example, you may need to use both a `default` and `ephemeral` session configuration for the same set of web services. The example above allows the same `oauthHandler` instance to be shared across multiple session managers to manage the single refresh flow.
 
-> Please note that this is not a global OAuth2 solution. It is merely an example demonstrating how one could use the `RequestAdapter` in conjunction with the `RequestRetrier` to create a thread-safe refresh system.
-
 ### Security
 
 Using a secure HTTPS connection when communicating with servers and web services is an important step in securing sensitive data. By default, Alamofire will evaluate the certificate chain provided by the server using Apple's built in validation provided by the Security framework. While this guarantees the certificate chain is valid, it does not prevent man-in-the-middle (MITM) attacks or other potential vulnerabilities. In order to mitigate MITM attacks, applications dealing with sensitive customer data or financial information should use certificate or public key pinning provided by the `ServerTrustPolicy`.
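Review bot: With the note removed from this position, the paragraph that now closes the section, just before `### Security`, describes sharing one `oauthHandler` instance across multiple session managers, and nothing after the sample code reminds the reader that it is only an example. The disclaimer now sits more than a hundred lines earlier (the first hunk starts at line 1149, this one at 1277), so a reader who jumps straight to the code and the discussion after it will not see it. Consider leaving a one-line pointer back to the disclaimer here instead of deleting the note outright.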