Open carols10cents opened 12 years ago
Rack middleware is probably simpler. Devise might be the Right Answer, but that'd involve re-doing all of everything, which is a lot of work.
I'm considering just making rstat.us an oauth provider instead. Any thoughts anyone?
Oauth is sweet.
Unless I'm mistaken, OAuth is an HTTP Authentication scheme, but it's not BASIC or DIGEST, it's OAuth. Does the spec's wording mean that any implementation has to be BASIC or DIGEST?
(I haven't been following the ALPS example, so I may have no idea what I'm talking about.)
Yes, the spec currently states that auth must be basic or digest, and oauth is neither of those. However, the spec is still under development (although there hasn't been much activity on it lately). I've actually proposed that OAuth be officially sanctioned in the spec.
This is part of the ALPS microblogging with XHTML example: "Servers MAY require clients to support HTTP Authentication (BASIC or DIGEST) for some requests."
If we are going to support posting in a manner consistent with the ALPS microblogging spec, we'll need a way to do this. I really don't know the best way of going about implementing this alongside our current authentication strategy, and without requiring everyone to be authenticated if they only want to read.
Possibly with devise? http://ewout.name/2010/04/http-basic-authentication-with-devise/ Possibly with mounted Rack middleware? http://ryanfunduk.com/shared-auth-for-rack-apps/