<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 05/22/2013 10:48 AM, Kris Borchers
wrote:<br>
</div>
<blockquote
cite="mid:DF2357B4-F20F-4536-92EA-A5958D15432B@redhat.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<br>
<div>
<div>On May 22, 2013, at 9:44 AM, Summers Pittman <<a
moz-do-not-send="true" href="mailto:supittma@redhat.com">supittma@redhat.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 05/22/2013 10:41 AM, Kris
Borchers wrote:<br>
</div>
<blockquote
cite="mid:BC39DE73-7C4A-4F41-B430-9DF17DB3FDC3@redhat.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
I guess my other question is are Android and iOS
implementing this as a direct authentication method? For
example, would I create a Digest auth module and
specifically call login without actually requesting a
resource first? I don't particularly see how this would
work but thought I would ask.
<div><br>
</div>
</blockquote>
That is how it works at the moment. IN the case of basic on
Android it just caches the credentials. I havn't worked out
how digest will do it yet, but I am imagining it will
reference a "login" url to get the necessary headers from
the 401.<br>
</div>
</blockquote>
<div><br>
</div>
Wouldn't this tie you to a server implementation which is not
what we want. This should work with any Basic or Digest auth
system, right?</div>
</blockquote>
It wouldn't tie us to a particular server implementation, but it
would be weird since digest wants to be a retry with authentication
after a failure like a refresh token does.<br>
<blockquote
cite="mid:DF2357B4-F20F-4536-92EA-A5958D15432B@redhat.com"
type="cite">
<div><br>
<blockquote type="cite">
<div text="#000000" bgcolor="#FFFFFF">
<blockquote
cite="mid:BC39DE73-7C4A-4F41-B430-9DF17DB3FDC3@redhat.com"
type="cite">
<div>
<div>
<div>On May 22, 2013, at 9:12 AM, Kris Borchers <<a
moz-do-not-send="true"
href="mailto:kris@redhat.com">kris@redhat.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div style="word-wrap: break-word;
-webkit-nbsp-mode: space; -webkit-line-break:
after-white-space; ">OK, so I am going to try to
spell out the workflow as I see it working in JS.
I would appreciate any feedback on whether or not
this is crazy/wrong.
<div><br>
</div>
<div>
<ol class="MailOutline">
<li>Create Basic or Digest authenticator</li>
<ol>
<li>Must include a callback to be fired when
a request to auth is received from server</li>
</ol>
<li>Create pipe which uses this authenticator</li>
<li>Attempt read, save or remove on this pipe</li>
<li>Endpoint returns 401 with header
indicating type of auth required</li>
<ol>
<li>Need to research that this won't trigger
the browser's native Basic/Digest auth
handling</li>
</ol>
<li>Fire user supplied auth callback passing
it a reference to a "login" method that the
user will pass the credentials collected in
the auth callback</li>
<li>Use "login" method to construct
appropriate response to server's 401</li>
<ol>
<li>This is the fun part :-P</li>
</ol>
<li>Server responds to auth attempt</li>
<ol>
<li>Success - continue to process original
read, write or remove</li>
<li>Error - trigger a user supplied auth
failure callback</li>
</ol>
</ol>
<div><br>
</div>
<div>Thanks!</div>
<div><br>
</div>
<div>
<div>On May 22, 2013, at 8:44 AM, Summers
Pittman <<a moz-do-not-send="true"
href="mailto:supittma@redhat.com">supittma@redhat.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">On 05/21/2013 08:22
AM, Kris Borchers wrote:<br>
<blockquote type="cite">So, having seem the
plans around Basic and Digest auth for
Android and iOS, I am wondering if there
is any need for that on JS. Typically that
is handled by the browser and them the
server maintains the session so I would
lean toward not needing anything specific
in JS for these types of auth. Input
welcome.<br>
</blockquote>
It may be useful is someone tries to embed
it in a Node container or <br>
write a Windows 8 app, Gnome 3 extension,
etc.<br>
<blockquote type="cite"><br>
Kris<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
</div>
<br>
</div>
</div>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
aerogear-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
</div>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
aerogear-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
</body>
</html>