Unauthorized response browser auto-popup window for login #96
Comments
fmigneault
added a commit
to Ouranosinc/Magpie
that referenced
this issue
Mar 24, 2021
fmigneault
added a commit
to Ouranosinc/Magpie
that referenced
this issue
Mar 26, 2021
fmigneault
added a commit
to Ouranosinc/Magpie
that referenced
this issue
Mar 29, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WWW-Authenticateheader should always be returned in the response when 401 occurs from a missing AuthN/AuthZ headers. https://tools.ietf.org/html/rfc2617#section-3.2.1This would allow web browsers to popup a login window to enter credentials and login.
To redirect the login request at the right place, we could either use
WWW-Authenticate: digestwithdomain=<URI>(see above reference), or using the following parameter (experimental since 2017?),Location-When-UnauthenticatedParameterhttps://tools.ietf.org/html/rfc8053#section-4.3
For a user accessing a web service via his browser using the proxy URL, this would greatly help him login without having to figure out how/where to login on the requested instance (https://github.com/Ouranosinc/Magpie, some remote Keycloak service, local Twitcher token, etc.).
Side note, for a web browser request that would require to bypass this auto login window/popup feature, the
X-Requested-With: XMLHttpRequestrequest header seems like a wide spread method.https://stackoverflow.com/questions/9859627
Side-side note (@fmigneault)
Noting this feature here before it fall between cracks.
relates to Ouranosinc/Magpie#330
The text was updated successfully, but these errors were encountered: