Hi,
Awesome, thank you! :)
I'll see if I can fire up my svn 2FA PoC using this in a few days
Best regards,
Peter
On 2025. 06. 24. 7:52, Branko Čibej wrote:
On 14. 6. 25 21:23, Branko Čibej wrote:
Hi all,
I've been digging into Serf's support for various authentication
schemes and I notices something that looks like a bit of a limitation.
Unless I'm much mistaken, there's space for only one authentication
baton in Serf's context. It would seem that this is rather a blocker
for implementing multi-factor authentication flows, for example,
Basic + OTP, where the server would first require basic credentials
and then, if those were correct, go on to issue an OTP challenge.
It seems to me that a simple solution for that would be to store an
authn baton per scheme, but I know on the close order of nothing
about the possible side effects.
Yeah, I'm starting small, I have no wish to implement OAuth2 flow any
time soon. Still, a bit of insight from the knowledgeable would be
welcome.
With r1926674, I think the user-defined-authn branch is ready for
review. Here's a short summary of the changes on the branch:
* The (private) struct serf__authn_scheme_t, defined in auth/auth.h,
grew a number of new members to support user-defined schemes,
among them five new user-visible callback functions. These, along
with their interactions, are described in serf.h. The built-in
authentication schemes don't need or use these new members.
* The (private) table serf_authn_schemes, defined in auth/auth.c,
has been extended to have room for as many schemes as there are
bits in serf__authn_scheme_t::type. Locking was added to serialize
access, because new schemes can be registered at runtime.
* Private callbacks were added to implement the user-visible
authentication flow.
* Two new public APIs take care of registering and unregistering
authentication schemes. The latter is tricky because we don't
track references to the schemes in contexts and connections, only
in the serf_authn_schemes table; this issue is documented.
* A number of tests were added for all this new stuff.
Please take a look if you have time.
svn diff --internal-diff \
https://svn.apache.org/repos/asf/serf/trunk \
https://svn.apache.org/repos/asf/serf/branches/user-defined-authn \
| colordiff --color=always \
| less -R
-- Brane
