[aerogear-dev] Basic/Digest Auth and JS
Kris Borchers
kris at redhat.com
Wed May 22 10:48:20 EDT 2013
On May 22, 2013, at 9:44 AM, Summers Pittman <supittma at redhat.com> wrote:
> On 05/22/2013 10:41 AM, Kris Borchers wrote:
>> I guess my other question is are Android and iOS implementing this as a direct authentication method? For example, would I create a Digest auth module and specifically call login without actually requesting a resource first? I don't particularly see how this would work but thought I would ask.
>>
> That is how it works at the moment. IN the case of basic on Android it just caches the credentials. I havn't worked out how digest will do it yet, but I am imagining it will reference a "login" url to get the necessary headers from the 401.
Wouldn't this tie you to a server implementation which is not what we want. This should work with any Basic or Digest auth system, right?
>> On May 22, 2013, at 9:12 AM, Kris Borchers <kris at redhat.com> wrote:
>>
>>> OK, so I am going to try to spell out the workflow as I see it working in JS. I would appreciate any feedback on whether or not this is crazy/wrong.
>>>
>>> Create Basic or Digest authenticator
>>> Must include a callback to be fired when a request to auth is received from server
>>> Create pipe which uses this authenticator
>>> Attempt read, save or remove on this pipe
>>> Endpoint returns 401 with header indicating type of auth required
>>> Need to research that this won't trigger the browser's native Basic/Digest auth handling
>>> Fire user supplied auth callback passing it a reference to a "login" method that the user will pass the credentials collected in the auth callback
>>> Use "login" method to construct appropriate response to server's 401
>>> This is the fun part :-P
>>> Server responds to auth attempt
>>> Success - continue to process original read, write or remove
>>> Error - trigger a user supplied auth failure callback
>>>
>>> Thanks!
>>>
>>> On May 22, 2013, at 8:44 AM, Summers Pittman <supittma at redhat.com> wrote:
>>>
>>>> On 05/21/2013 08:22 AM, Kris Borchers wrote:
>>>>> So, having seem the plans around Basic and Digest auth for Android and iOS, I am wondering if there is any need for that on JS. Typically that is handled by the browser and them the server maintains the session so I would lean toward not needing anything specific in JS for these types of auth. Input welcome.
>>>> It may be useful is someone tries to embed it in a Node container or
>>>> write a Windows 8 app, Gnome 3 extension, etc.
>>>>>
>>>>> Kris
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130522/a73c7087/attachment.html
More information about the aerogear-dev
mailing list