On Wed, 21 Jun 2017, Daniel Schwarz via curl-library wrote:

> I would like to provide my help on this as this issue really blocks us, and presumably many others, in using curl for these kinds of interfaces. But I am also not aware of any standardized approach to handle such multi-realm authentication on the client side.

Me neither. So we need to make something up that we think should work for us in general and your use case in particular.

> I have tested these multi-realm digest interfaces with Firefox and Poster (Firefox REST Client Addon). It seems to iterate over all given Authentication Headers. If an authentication fails, it just takes the next realm and so on.

Is that how you'd like it done? Seems a bit crude to me and will cause a lot of round-trips and 401s if there are many realms.

> Additionally it would be nice to have the option of setting the relevant digest auth realm in advance, so that other authentication headers will be just ignored.

If you know beforehand of a realm that you'd like then I can certainly see that you'd like to set which realm to use. But then that also risks that you've set a realm that won't come and then auth will fail because of that.

Another approach is to collect all offered realms and ask the application with a callback which of these N realms would you like to use, and then proceed using that one... Such a callback would then also need to ask for user/password for that specific realm since they may of course differ between realms.

> Maybe it's even possible to support both?

I think it is enough to just work on one realm at a time and if that fails auth, you restart the transfer and select another auth. I don't think libcurl itself needs to handle doing auth on multiple realms in some serial manner.

What do you think?

--

 / daniel.haxx.se
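
The callback approach suggested in the reply above, sketched as an added example; it is not curl or libcurl code and not from either poster. `realm_cb`, `choose_realm`, `pick_api`, the sample headers and the credentials are hypothetical and constructed for illustration. `choose_realm` returns the number of Digest realms offered, or -1 when none was selected, so credentials are only ever supplied for the one realm the application picked.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
enum { MAX_REALMS = 8, REALM_LEN = 64 };
struct creds { const char *user, *password; };
/* Hypothetical application callback (not a libcurl API): return the index of
   the realm to use and fill in its credentials, or -1 to decline. */
typedef int (*realm_cb)(char realms[][REALM_LEN], int n, struct creds *out);

/* Copy one Digest challenge's realm into dst (no escaped-quote handling). */
static int digest_realm(const char *hdr, char *dst, size_t len)
{
  const char *p = strstr(hdr, "realm=\"");
  const char *end = p ? strchr(p + 7, '"') : NULL;
  if(strncasecmp(hdr, "Digest ", 7) || !end || (size_t)(end - p - 7) >= len)
    return -1;               /* other scheme, no realm, or realm too long */
  memcpy(dst, p + 7, end - p - 7);
  dst[end - p - 7] = '\0';
  return 0;
}

/* Collect all offered Digest realms, then let the callback choose one. */
int choose_realm(const char *const *hdrs, int nhdrs, realm_cb cb,
                 char *chosen, size_t len, struct creds *out)
{
  char realms[MAX_REALMS][REALM_LEN];
  int n = 0, i, pick;
  for(i = 0; i < nhdrs && n < MAX_REALMS; i++)
    n += !digest_realm(hdrs[i], realms[n], REALM_LEN);
  pick = n ? cb(realms, n, out) : -1;
  if(pick < 0 || pick >= n)
    return -1;               /* nothing offered, or the application declined */
  snprintf(chosen, len, "%s", realms[pick]);
  return n;
}

/* Constructed sample: the challenges of one 401 response. */
const char *const SAMPLE[] = { "Basic realm=\"legacy\"",
  "Digest realm=\"admin\", qop=\"auth\", nonce=\"abc\"",
  "Digest realm=\"api\", qop=\"auth\", nonce=\"def\"" };
/* Sample callback: this application only holds credentials for "api". */
int pick_api(char realms[][REALM_LEN], int n, struct creds *out)
{
  while(n-- > 0)
    if(!strcmp(realms[n], "api")) {
      *out = (struct creds){ "demo", "demo-secret" };  /* constructed */
      return n;
    }
  return -1;
}
```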