-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unauthorized response browser auto-popup window for login #96
Comments
fmigneault
added a commit
to Ouranosinc/Magpie
that referenced
this issue
Mar 24, 2021
fmigneault
added a commit
to Ouranosinc/Magpie
that referenced
this issue
Mar 26, 2021
fmigneault
added a commit
to Ouranosinc/Magpie
that referenced
this issue
Mar 29, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WWW-Authenticate
header should always be returned in the response when 401 occurs from a missing AuthN/AuthZ headers. https://tools.ietf.org/html/rfc2617#section-3.2.1This would allow web browsers to popup a login window to enter credentials and login.
To redirect the login request at the right place, we could either use
WWW-Authenticate: digest
withdomain=<URI>
(see above reference), or using the following parameter (experimental since 2017?),Location-When-Unauthenticated
Parameterhttps://tools.ietf.org/html/rfc8053#section-4.3
For a user accessing a web service via his browser using the proxy URL, this would greatly help him login without having to figure out how/where to login on the requested instance (https://github.com/Ouranosinc/Magpie, some remote Keycloak service, local Twitcher token, etc.).
Side note, for a web browser request that would require to bypass this auto login window/popup feature, the
X-Requested-With: XMLHttpRequest
request header seems like a wide spread method.https://stackoverflow.com/questions/9859627
Side-side note (@fmigneault)
Noting this feature here before it fall between cracks.
relates to Ouranosinc/Magpie#330
The text was updated successfully, but these errors were encountered: