Ticket #3530 enhancement new
new twisted.web._auth should support cred factories which don't send a www-challenge, and which send a final www-challenge
|Reported by:||philmayers||Owned by:|
Specifically, if you are hiding the Twisted Web server behind a proxy that does the authentication e.g. mod_auth_kerb in Apache, you might want the "credentials" to be:
...and obviously the "XRemoteCredentialsFactory" would not send back a www-authenticate.
Adding a simple "if challenge" on line 51 of web/_auth/wrapper.py should do it.
More generally there might be auth schemes which want to use headers other than WWW-Authenticate (I can't think of one) so it might be better to generalise things further.
Also, I believe some auth methods (e.g. Kerberos with mutual auth) send a final WWW-Authenticate with the "200 OK" response.
I don't have time this evening to work up proof-of-concept code, but will take a look tomorrow
Given that the new auth code is not yet "released" it would be good to get this addresses before it is.