<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On May 22, 2013, at 9:44 AM, Summers Pittman &lt;<a href="mailto:supittma@redhat.com">supittma@redhat.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
  
    <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 05/22/2013 10:41 AM, Kris Borchers
      wrote:<br>
    </div>
    <blockquote cite="mid:BC39DE73-7C4A-4F41-B430-9DF17DB3FDC3@redhat.com" type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      I guess my other question is are Android and iOS implementing this
      as a direct authentication method? For example, would I create a
      Digest auth module and specifically call login without actually
      requesting a resource first? I don't particularly see how this
      would work but thought I would ask.
      <div><br>
      </div>
    </blockquote>
    That is how it works at the moment.&nbsp; IN the case of basic on Android
    it just caches the credentials.&nbsp; I havn't worked out how digest will
    do it yet, but I am imagining it will reference a "login" url to get
    the necessary headers from the 401.<br></div></blockquote><div><br></div>Wouldn't this tie you to a server implementation which is not what we want. This should work with any Basic or Digest auth system, right?</div><div><br><blockquote type="cite"><div text="#000000" bgcolor="#FFFFFF">
    <blockquote cite="mid:BC39DE73-7C4A-4F41-B430-9DF17DB3FDC3@redhat.com" type="cite">
      <div>
        <div>
          <div>On May 22, 2013, at 9:12 AM, Kris Borchers &lt;<a moz-do-not-send="true" href="mailto:kris@redhat.com">kris@redhat.com</a>&gt;
            wrote:</div>
          <br class="Apple-interchange-newline">
          <blockquote type="cite">
            <meta http-equiv="Content-Type" content="text/html;
              charset=ISO-8859-1">
            <div style="word-wrap: break-word; -webkit-nbsp-mode: space;
              -webkit-line-break: after-white-space; ">OK, so I am going
              to try to spell out the workflow as I see it working in
              JS. I would appreciate any feedback on whether or not this
              is crazy/wrong.
              <div><br>
              </div>
              <div>
                <ol class="MailOutline">
                  <li>Create Basic or Digest authenticator</li>
                  <ol>
                    <li>Must include a callback to be fired when a
                      request to auth is received from server</li>
                  </ol>
                  <li>Create pipe which uses this authenticator</li>
                  <li>Attempt read, save or remove on this pipe</li>
                  <li>Endpoint returns 401 with header indicating type
                    of auth required</li>
                  <ol>
                    <li>Need to research that this won't trigger the
                      browser's native Basic/Digest auth handling</li>
                  </ol>
                  <li>Fire user supplied auth callback passing it a
                    reference to a "login" method that the user will
                    pass the credentials collected in the auth callback</li>
                  <li>Use "login" method to construct appropriate
                    response to server's 401</li>
                  <ol>
                    <li>This is the fun part :-P</li>
                  </ol>
                  <li>Server responds to auth attempt</li>
                  <ol>
                    <li>Success - continue to process original read,
                      write or remove</li>
                    <li>Error - trigger a user supplied auth failure
                      callback</li>
                  </ol>
                </ol>
                <div><br>
                </div>
                <div>Thanks!</div>
                <div><br>
                </div>
                <div>
                  <div>On May 22, 2013, at 8:44 AM, Summers Pittman &lt;<a moz-do-not-send="true" href="mailto:supittma@redhat.com">supittma@redhat.com</a>&gt;
                    wrote:</div>
                  <br class="Apple-interchange-newline">
                  <blockquote type="cite">On 05/21/2013 08:22 AM, Kris
                    Borchers wrote:<br>
                    <blockquote type="cite">So, having seem the plans
                      around Basic and Digest auth for Android and iOS,
                      I am wondering if there is any need for that on
                      JS. Typically that is handled by the browser and
                      them the server maintains the session so I would
                      lean toward not needing anything specific in JS
                      for these types of auth. Input welcome.<br>
                    </blockquote>
                    It may be useful is someone tries to embed it in a
                    Node container or <br>
                    write a Windows 8 app, Gnome 3 extension, etc.<br>
                    <blockquote type="cite"><br>
                      Kris<br>
                      _______________________________________________<br>
                      aerogear-dev mailing list<br>
                      <a moz-do-not-send="true" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
                      <a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
                    </blockquote>
                    <br>
                    _______________________________________________<br>
                    aerogear-dev mailing list<br>
                    <a moz-do-not-send="true" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
                    <a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
                  </blockquote>
                </div>
                <br>
              </div>
            </div>
            _______________________________________________<br>
            aerogear-dev mailing list<br>
            <a moz-do-not-send="true" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
            <a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
aerogear-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
    </blockquote>
    <br>
  </div>

_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev</blockquote></div><br></body></html>