Opened 16 years ago
Closed 15 years ago
#1724 defect closed invalid (invalid)
twisted.web2.auth doesn't address multi-step authentication
| Reported by: | David Reid | Owned by: | |
|---|---|---|---|
| Priority: | lowest | Milestone: | |
| Component: | web2 | Keywords: | |
| Cc: | Branch: | ||
| Author: |
Description
twisted.web2.auth doesn't address how to handle multi-step authentication schemes such as Negotiate.
Change History (4)
comment:1 Changed 15 years ago by
comment:2 Changed 15 years ago by
| Priority: | normal → lowest |
|---|
comment:3 Changed 15 years ago by
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
This is no longer relevant, credential factories get the full request and so can implement things such as the outgoing kerberos WWW-Authenticate header (the one sent after successful authentication) can be implemented with a response filter (specifically this is how the Darwin Calendar Server implements kerberos)
comment:4 Changed 11 years ago by
| Owner: | David Reid deleted |
|---|
Note: See
TracTickets for help on using
tickets.
This could very well be solved by giving the IRequest to .decode This would allow for clever behavior from adding responseFilters that add the next header. This isn't exactly "handling" multi-step auth but it may be good enough for most purposes.