Firstly, thank you so much for this:  
http://fusiongrokker.com/post/advanced-authentication-with-taffy-apis
Makes a ton of sense and I'll be implementing it soon.
My question is about the initial login part.  This bit:
        //allow white-listed requests through
        if (cfc == "authenticate"){
            return true;
        }
Where do you put the username/password bits for this part?  In the Authorization header, as with Basic Authorization?  Or query params?  Does it matter much, assuming it's HTTPS?
Something like this?
        //allow white-listed requests through
        if (cfc == "authenticate"){
            structAppend(requestArguments, getBasicAuthCredentials());
            return true;
        }