John,

Per discussion with Rob, Simo, and Adam we're considering making these
changes:

1. For backward compatibility with curl or 3rd party apps, we should
   keep the existing authentication without session in /ipa/json and /ipa/xml.
2. For the UI we can use the sessions using different URIs:
   * /ipa/login for authentication
   * /ipa/session/json for the actual operations
3. If we modify the CLI later to use the sessions it will use the
   following URIs:
   * /ipa/login for authentication
   * /ipa/session/xml for the actual operations

Is this OK? How difficult is it to make the above changes?

We also want to tie the authorization to the sessions, so whenever the
session expires the UI will reauthenticate using /ipa/login and then
reload the authorization info in a separate operation using
/ipa/session/json and then redraw the UI if necessary. This way we can
keep the /ipa/login generic enough to be used by both XML and JSON clients.

I think the UI changes can be done separately; I'll open the tickets.

--
Endi S. Dewata
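
The re-authentication flow described in the message, as an added example that is not part of the original message or of FreeIPA's code. It assumes an expired session is reported as HTTP 401 and uses a hypothetical "authz_info" method name and an injected transport so it runs offline.

```javascript
// Model of the proposed flow. Assumptions, not from the message: an expired
// session is reported as HTTP 401; "authz_info" is a hypothetical method name;
// send(path, body) is an injected synchronous transport returning {status, body}.
const LOGIN_URI = "/ipa/login";
const SESSION_JSON_URI = "/ipa/session/json";

class SessionClient {
  constructor(send, redraw) {
    this.send = send;
    this.redraw = redraw; // UI hook, called only when authorization changes
    this.authz = null;
  }
  // Authenticate, then reload authorization info in a separate operation.
  login() {
    const res = this.send(LOGIN_URI, null);
    if (res.status !== 200) throw new Error("login failed: " + res.status);
    const info = this.send(SESSION_JSON_URI, { method: "authz_info" });
    if (info.status !== 200) throw new Error("authz reload failed: " + info.status);
    const changed = JSON.stringify(info.body) !== JSON.stringify(this.authz);
    this.authz = info.body;
    if (changed) this.redraw(this.authz);
  }
  // Run one operation; on expiry re-authenticate once and retry once, so a
  // failing login surfaces as an error instead of a request loop.
  call(method, params) {
    let res = this.send(SESSION_JSON_URI, { method, params });
    if (res.status === 401) {
      this.login();
      res = this.send(SESSION_JSON_URI, { method, params });
    }
    if (res.status !== 200) throw new Error(method + " failed: " + res.status);
    return res.body;
  }
}

// Constructed fake server: each login grants a session good for two requests.
function makeFakeServer() {
  const log = [];
  let remaining = 0;
  const send = (path, body) => {
    log.push(body ? path + ":" + body.method : path);
    if (path === LOGIN_URI) { remaining = 2; return { status: 200, body: null }; }
    if (remaining <= 0) return { status: 401, body: null };
    remaining -= 1;
    const authz = body.method === "authz_info";
    return { status: 200, body: authz ? { role: "admin" } : { result: body.method } };
  };
  return { send, log };
}
```

The legacy /ipa/json and /ipa/xml endpoints are not touched by this client, matching item 1 of the message.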