Opened 16 years ago

Closed 15 years ago

#1724 defect closed invalid (invalid)

twisted.web2.auth doesn't address multi-step authentication

Reported by: David Reid Owned by:
Priority: lowest Milestone:
Component: web2 Keywords:
Cc: Branch:
Author:

Description

twisted.web2.auth doesn't address how to handle multi-step authentication schemes such as Negotiate.

Change History (4)

comment:1 Changed 16 years ago by David Reid

This could very well be solved by giving the IRequest to .decode This would allow for clever behavior from adding responseFilters that add the next header. This isn't exactly "handling" multi-step auth but it may be good enough for most purposes.

comment:2 Changed 16 years ago by David Reid

Priority: normallowest

comment:3 Changed 15 years ago by David Reid

Resolution: invalid
Status: newclosed

This is no longer relevant, credential factories get the full request and so can implement things such as the outgoing kerberos WWW-Authenticate header (the one sent after successful authentication) can be implemented with a response filter (specifically this is how the Darwin Calendar Server implements kerberos)

comment:4 Changed 11 years ago by <automation>

Owner: David Reid deleted
Note: See TracTickets for help on using tickets.