<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On May 22, 2013, at 9:44 AM, Summers Pittman <<a href="mailto:supittma@redhat.com">supittma@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<div text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 05/22/2013 10:41 AM, Kris Borchers
wrote:<br>
</div>
<blockquote cite="mid:BC39DE73-7C4A-4F41-B430-9DF17DB3FDC3@redhat.com" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
I guess my other question is are Android and iOS implementing this
as a direct authentication method? For example, would I create a
Digest auth module and specifically call login without actually
requesting a resource first? I don't particularly see how this
would work but thought I would ask.
<div><br>
</div>
</blockquote>
That is how it works at the moment. IN the case of basic on Android
it just caches the credentials. I havn't worked out how digest will
do it yet, but I am imagining it will reference a "login" url to get
the necessary headers from the 401.<br></div></blockquote><div><br></div>Wouldn't this tie you to a server implementation which is not what we want. This should work with any Basic or Digest auth system, right?</div><div><br><blockquote type="cite"><div text="#000000" bgcolor="#FFFFFF">
<blockquote cite="mid:BC39DE73-7C4A-4F41-B430-9DF17DB3FDC3@redhat.com" type="cite">
<div>
<div>
<div>On May 22, 2013, at 9:12 AM, Kris Borchers <<a moz-do-not-send="true" href="mailto:kris@redhat.com">kris@redhat.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; ">OK, so I am going
to try to spell out the workflow as I see it working in
JS. I would appreciate any feedback on whether or not this
is crazy/wrong.
<div><br>
</div>
<div>
<ol class="MailOutline">
<li>Create Basic or Digest authenticator</li>
<ol>
<li>Must include a callback to be fired when a
request to auth is received from server</li>
</ol>
<li>Create pipe which uses this authenticator</li>
<li>Attempt read, save or remove on this pipe</li>
<li>Endpoint returns 401 with header indicating type
of auth required</li>
<ol>
<li>Need to research that this won't trigger the
browser's native Basic/Digest auth handling</li>
</ol>
<li>Fire user supplied auth callback passing it a
reference to a "login" method that the user will
pass the credentials collected in the auth callback</li>
<li>Use "login" method to construct appropriate
response to server's 401</li>
<ol>
<li>This is the fun part :-P</li>
</ol>
<li>Server responds to auth attempt</li>
<ol>
<li>Success - continue to process original read,
write or remove</li>
<li>Error - trigger a user supplied auth failure
callback</li>
</ol>
</ol>
<div><br>
</div>
<div>Thanks!</div>
<div><br>
</div>
<div>
<div>On May 22, 2013, at 8:44 AM, Summers Pittman <<a moz-do-not-send="true" href="mailto:supittma@redhat.com">supittma@redhat.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">On 05/21/2013 08:22 AM, Kris
Borchers wrote:<br>
<blockquote type="cite">So, having seem the plans
around Basic and Digest auth for Android and iOS,
I am wondering if there is any need for that on
JS. Typically that is handled by the browser and
them the server maintains the session so I would
lean toward not needing anything specific in JS
for these types of auth. Input welcome.<br>
</blockquote>
It may be useful is someone tries to embed it in a
Node container or <br>
write a Windows 8 app, Gnome 3 extension, etc.<br>
<blockquote type="cite"><br>
Kris<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
</div>
<br>
</div>
</div>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
aerogear-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
</div>
_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev</blockquote></div><br></body></html>