[aerogear-dev] Basic/Digest Auth and JS

Summers Pittman supittma at redhat.com
Wed May 22 10:43:23 EDT 2013 

On 05/22/2013 10:12 AM, Kris Borchers wrote:
> OK, so I am going to try to spell out the workflow as I see it working 
> in JS. I would appreciate any feedback on whether or not this is 
> crazy/wrong.
>
>  1. Create Basic or Digest authenticator
>      1. Must include a callback to be fired when a request to auth is
>         received from server
>  2. Create pipe which uses this authenticator
>  3. Attempt read, save or remove on this pipe
>  4. Endpoint returns 401 with header indicating type of auth required
>      1. Need to research that this won't trigger the browser's native
>         Basic/Digest auth handling
>  5. Fire user supplied auth callback passing it a reference to a
>     "login" method that the user will pass the credentials collected
>     in the auth callback
>  6. Use "login" method to construct appropriate response to server's 401
>      1. This is the fun part :-P
>
In the Android version, login is called by the developer, not by the 
framework.  This "primes" the authenticator which then provides whatever 
tokens/headers/parameters/etc that the pipe will need to authenticate 
the request.

This may have to be changed in the future to support multiple login flows.
>
>  1. Server responds to auth attempt
>      1. Success - continue to process original read, write or remove
>      2. Error - trigger a user supplied auth failure callback
>
>
> Thanks!
>
> On May 22, 2013, at 8:44 AM, Summers Pittman <supittma at redhat.com 
> <mailto:supittma at redhat.com>> wrote:
>
>> On 05/21/2013 08:22 AM, Kris Borchers wrote:
>>> So, having seem the plans around Basic and Digest auth for Android 
>>> and iOS, I am wondering if there is any need for that on JS. 
>>> Typically that is handled by the browser and them the server 
>>> maintains the session so I would lean toward not needing anything 
>>> specific in JS for these types of auth. Input welcome.
>> It may be useful is someone tries to embed it in a Node container or
>> write a Windows 8 app, Gnome 3 extension, etc.
>>>
>>> Kris
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130522/4eac5dc8/attachment.html

More information about the aerogear-dev mailing list