Hello. Just a small clarification:
On Jul 16, 9:34 pm, Aurynn Shaw <[email protected]> wrote: > The flow is, the Identifier tests for the user credentials (can look in > the HTTP environment, as well as cookies), and if the user is not logged > in, passes to the Challenger. The Challenger requests credentials (a 401 > Not Authorized), as you'd expect. If the user is not authenticated and is not trying to log in in the current request, nothing happens; the WSGI application will work as usual. The challenger only comes into play when so is requested by the WSGI application (the identifier has no influence); by default it happens when the application itself returns 401. Or in a graphical way, this is what happens before your application receives the request: http://gustavonarea.net/uploads/Figure2.png And this is what happens after your application returns a response: http://gustavonarea.net/uploads/Figure3.png - Gustavo. :) -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
