Right now the emulator website works without authentication as well as by providing some keys in the auth section of the .piralrc file.
It would be great that in case of a 401 with a certain message we'd make an interactive login. This way, on first use of such an emulator website, the user would just log in and then be able to use the emulator website (with updates etc.). This would work until the retrieved token is expired and the user would need to log-in again.
Background
The emulator website could be protected, too, however, as its just a website we'd face something like a 401 or 403. Right now one can use http or header authentication (e.g., setting a value for the Authorization header). While this is nice it certainly is not feasible for, e.g., providing authentication via an AAD, which gives you a token with expiration (i.e., where do you get the token and how to update it in time).
Discussion
The question is how the interactive login should be triggered (all / any 401 would not work as we'd need to know a proper redirect / interactive login URL); either automatically with the right response or explicitly in case of a special .piralrc entry.
New Feature Proposal
For more information, see the
CONTRIBUTINGguide.Description
Right now the emulator website works without authentication as well as by providing some keys in the
authsection of the .piralrc file.It would be great that in case of a 401 with a certain message we'd make an interactive login. This way, on first use of such an emulator website, the user would just log in and then be able to use the emulator website (with updates etc.). This would work until the retrieved token is expired and the user would need to log-in again.
Background
The emulator website could be protected, too, however, as its just a website we'd face something like a 401 or 403. Right now one can use http or header authentication (e.g., setting a value for the
Authorizationheader). While this is nice it certainly is not feasible for, e.g., providing authentication via an AAD, which gives you a token with expiration (i.e., where do you get the token and how to update it in time).Discussion
The question is how the interactive login should be triggered (all / any
401would not work as we'd need to know a proper redirect / interactive login URL); either automatically with the right response or explicitly in case of a special.piralrcentry.