<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I guess my other question is are Android and iOS implementing this as a direct authentication method? For example, would I create a Digest auth module and specifically call login without actually requesting a resource first? I don't particularly see how this would work but thought I would ask.<div><br><div><div>On May 22, 2013, at 9:12 AM, Kris Borchers <<a href="mailto:kris@redhat.com">kris@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">OK, so I am going to try to spell out the workflow as I see it working in JS. I would appreciate any feedback on whether or not this is crazy/wrong.<div><br></div><div><ol class="MailOutline"><li>Create Basic or Digest authenticator</li><ol><li>Must include a callback to be fired when a request to auth is received from server</li></ol><li>Create pipe which uses this authenticator</li><li>Attempt read, save or remove on this pipe</li><li>Endpoint returns 401 with header indicating type of auth required</li><ol><li>Need to research that this won't trigger the browser's native Basic/Digest auth handling</li></ol><li>Fire user supplied auth callback passing it a reference to a "login" method that the user will pass the credentials collected in the auth callback</li><li>Use "login" method to construct appropriate response to server's 401</li><ol><li>This is the fun part :-P</li></ol><li>Server responds to auth attempt</li><ol><li>Success - continue to process original read, write or remove</li><li>Error - trigger a user supplied auth failure callback</li></ol></ol><div><br></div><div>Thanks!</div><div><br></div><div><div>On May 22, 2013, at 8:44 AM, Summers Pittman <<a href="mailto:supittma@redhat.com">supittma@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">On 05/21/2013 08:22 AM, Kris Borchers wrote:<br><blockquote type="cite">So, having seem the plans around Basic and Digest auth for Android and iOS, I am wondering if there is any need for that on JS. Typically that is handled by the browser and them the server maintains the session so I would lean toward not needing anything specific in JS for these types of auth. Input welcome.<br></blockquote>It may be useful is someone tries to embed it in a Node container or <br>write a Windows 8 app, Gnome 3 extension, etc.<br><blockquote type="cite"><br>Kris<br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote><br>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div></div>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev</blockquote></div><br></div></body></html>