In thinking about this flow, the real issue boils down to this:
If the user is going to use 2FA, then the peer needs to know in advance. If the peer tries to use Basic Auth and server won't accept it, it should simply produce an error. That's the simplifying flow.
If the peer doesn't know that 2FA is to be used, then the mechanics of all of this become a mess.
Eliot _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
