Adding a "WWW-Authenticate" header to the 401 response.

[SteveB]

As per RFC 2616, which states in relation to the 401 response:
"The request requires user authentication. The response MUST include a
WWW-Authenticate header field"

What is the best way for this header to be added?
Maybe the Authentication class could include a value for this header
which resource.py could add.
e.g.

if not auth_result is True:
response = HttpUnauthorized()
if hasattr(self._meta.authentication, 'authenticate_header'):
response['WWW-Authenticate'] =
self._meta.authentication.authenticate_header
raise ImmediateHttpResponse(response=response)

This code could be placed in resource.py in the two methods:
is_authenticated and is_authorized

What do you think?

[Daniel Lindsley]

SteveB,

I'm not sure what use case you're trying to target, but the
``BasicAuthentication`` & ``DigestAuthentication`` classes already do
this (see https://github.com/toastdriven/django-tastypie/blob/master/tastypie/authentication.py#L42-66
& https://github.com/toastdriven/django-tastypie/blob/master/tastypie/authentication.py#L169-195).
I'd recommend a similar approach.

Daniel

[SteveB]

Hi Daniel,
Ah OK, I see the approach to take now.
Thanks for your help.