Comments (4)
FWIW, I'm not sure there is a good reason to have an Arvados authentication mechanism, as its semantics are not different from Basic - the API token is basically a password - there is no challenge or nonce involved. Why not support Arvados API token auth by simply having a special username `arvados` for which you provide the API token as the password?
from irobot.
I'm aware of the realm issue, at least as far as basic authentication is concerned. It's not a priority of mine, right now, to include it. Although I didn't realise it was common to all challenge-response type authentication schemes, so that may bump it up the priority list. Having said that, note that RFC7235 (which updates RFC2617) suggests that the realm is no longer required: https://tools.ietf.org/html/rfc7235#section-2.2
The Arvados authentication handler is already written, so I don't see any utility in refactoring it into the basic auth handler. I agree that they're basically the same -- i.e., a token string that can be decoded by some decoder...but then, OAuth is also like that -- but I would argue that having the authentication scheme alongside it points you to the correct decoder. (Also, what if your basic authenticator has a user called `arvados`, or whatever magic string you choose?)
Anyway, for example, my Arvados auth handler makes a request to the Arvados API with that token to get the Arvados username; whereas my basic auth handler just decodes the username straight out of the token. (Presuming they pass, obviously!) That seemed quite a satisfying approach to me.
from irobot.
Ok - the clearest note of the change to not require `realm` is in appendix A: https://tools.ietf.org/html/rfc7235#appendix-A
from irobot.
I'll leave this closed, but I may add an optional `realm` to at least the Basic authentication handler because this is actually used in production. It may be worth providing a general way to include handler parameters (e.g., Digest authentication uses a bunch of them, IIRC), but it's not a huge priority.
from irobot.
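The scheme-based dispatch and optional realm discussed in this thread, as an added example that is not irobot's own code. The function names, the in-memory `PASSWORDS` and `TOKENS` tables and the token value are constructed for illustration, and `TOKENS` stands in for the request to the Arvados API.

```python
import base64
import binascii
import hmac

# Constructed sample data; the Basic account is deliberately named "arvados".
PASSWORDS = {"arvados": "hunter2"}
TOKENS = {"tok-constructed-123": "alice"}  # stands in for the Arvados API lookup

def basic_user(payload):
    """Basic: the username is decoded straight out of the credentials."""
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    expected = PASSWORDS.get(user)
    if not sep or expected is None:
        return None
    ok = hmac.compare_digest(expected.encode(), password.encode())
    return user if ok else None

def arvados_user(payload):
    """Arvados: the token is opaque, so ask the token's issuer who owns it."""
    return TOKENS.get(payload)  # hypothetical stand-in for a request to the API

HANDLERS = {"basic": basic_user, "arvados": arvados_user}

def authenticate(header, handlers=HANDLERS):
    """Dispatch on the scheme name (case-insensitive) to pick the decoder."""
    scheme, _, payload = header.strip().partition(" ")
    handler = handlers.get(scheme.lower())
    payload = payload.strip()
    if handler is None or not payload:
        return None
    return handler(payload)

def challenges(schemes, realm=None):
    """WWW-Authenticate values for a 401 response, with an optional realm."""
    if realm is None:
        return list(schemes)
    escaped = realm.replace("\\", "\\\\").replace('"', '\\"')
    return [f'{scheme} realm="{escaped}"' for scheme in schemes]

if __name__ == "__main__":
    basic = "Basic " + base64.b64encode(b"arvados:hunter2").decode()
    print(authenticate(basic))                          # resolved by the Basic handler
    print(authenticate("Arvados tok-constructed-123"))  # resolved by the token lookup
    print(challenges(["Basic", "Arvados"], realm="irobot"))
```

Because the scheme name selects the handler, a Basic account that happens to be called `arvados` never collides with token authentication. RFC 7617 makes `realm` a required parameter of the Basic challenge, so a caller would normally pass one when `Basic` is among the schemes.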
Related Issues (14)
- Checksum while fetching data from iRODS
- Set default response content-type to `application/octet-stream`
- prefix data object URIs with something
- Add an ETag header to the responses.
- No encoded JSON content with a 401 response
- rename `Arvados` authentication method to `Bearer`
- Default accepted media type not implemented
- Incorrect assumption that iRODS always uses MD5 checksums
- Always respond with data if it exists
- Allow streaming data from iRODS
- Allow multiple authentication methods per request
- Require 401 response with WWW-Authenticate header
- Everything should be async