hotsh / rstat.us

Simple microblogging network based on the ostatus protocol.
http://rstat.us/

HTTP basic or digest auth #535

Open carols10cents opened 12 years ago

carols10cents commented 12 years ago

This is part of the ALPS microblogging with XHTML example: "Servers MAY require clients to support HTTP Authentication (BASIC or DIGEST) for some requests."

If we are going to support posting in a manner consistent with the ALPS microblogging spec, we'll need a way to do this. I really don't know the best way of going about implementing this alongside our current authentication strategy, and without requiring everyone to be authenticated if they only want to read.

Possibly with devise? http://ewout.name/2010/04/http-basic-authentication-with-devise/

Possibly with mounted Rack middleware? http://ryanfunduk.com/shared-auth-for-rack-apps/

steveklabnik commented 12 years ago

Rack middleware is probably simpler. Devise might be the Right Answer, but that'd involve re-doing all of everything, which is a lot of work.
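
The Rack middleware option raised in this thread, as an added example that is not part of the original comments or the rstat.us code base: it sends an HTTP Basic challenge only for state-changing requests, so anonymous reads keep working. The class name `WriteOnlyBasicAuth`, the realm and the verifier block are assumptions; the code follows the Rack `call(env)` contract and needs only the Ruby standard library.

```ruby
require "openssl"

# Hypothetical Rack middleware: class name, realm and verifier block are
# assumptions for this sketch, not rstat.us code. Serve it over TLS only,
# since Basic credentials are merely base64-encoded.
class WriteOnlyBasicAuth
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  # verifier: block taking (username, password) and returning true or false
  def initialize(app, realm: "rstat.us", &verifier)
    @app, @realm, @verifier = app, realm, verifier
  end

  def call(env)
    # Readers stay anonymous: only state-changing requests are challenged.
    return @app.call(env) if SAFE_METHODS.include?(env["REQUEST_METHOD"])
    user, pass = credentials(env["HTTP_AUTHORIZATION"])
    return challenge unless user && @verifier.call(user, pass)
    env["REMOTE_USER"] = user # lets the app attribute the post to this user
    @app.call(env)
  end

  private

  # Parses "Basic base64(user:pass)"; returns nil for anything malformed.
  def credentials(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return nil unless scheme&.casecmp?("Basic") && encoded
    user, pass = encoded.unpack1("m0").split(":", 2) # "m0" = strict base64
    pass ? [user, pass] : nil
  rescue ArgumentError # invalid base64 in the header
    nil
  end

  def challenge
    headers = { "content-type" => "text/plain",
                "www-authenticate" => %(Basic realm="#{@realm}") }
    [401, headers, ["Authentication required\n"]]
  end
end

# Constructed demo: one inline account; a real verifier checks a stored hash.
DEMO_STACK = WriteOnlyBasicAuth.new(->(_env) { [200, {}, ["ok"]] }) do |user, pass|
  user == "alice" && OpenSSL.secure_compare(pass, "s3cret")
end

def demo_status(method, authorization = nil)
  env = { "REQUEST_METHOD" => method, "HTTP_AUTHORIZATION" => authorization }
  DEMO_STACK.call(env).first
end
```

In a Rack application this would be mounted with `use WriteOnlyBasicAuth do |user, pass| ... end` ahead of the app.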

carols10cents commented 12 years ago

I'm considering just making rstat.us an OAuth provider instead. Any thoughts anyone?

steveklabnik commented 12 years ago

OAuth is sweet.

Peeja commented 11 years ago

Unless I'm mistaken, OAuth is an HTTP Authentication scheme, but it's not BASIC or DIGEST, it's OAuth. Does the spec's wording mean that any implementation has to be BASIC or DIGEST?

(I haven't been following the ALPS example, so I may have no idea what I'm talking about.)

carols10cents commented 11 years ago

Yes, the spec currently states that auth must be basic or digest, and OAuth is neither of those. However, the spec is still under development (although there hasn't been much activity on it lately). I've actually proposed that OAuth be officially sanctioned in the spec.