advanced auth - do you use basic auth for initial login portion?

[Jonathan Price]

Firstly, thank you so much for this:  http://fusiongrokker.com/post/advanced-authentication-with-taffy-apis

Makes a ton of sense and I'll be implementing it soon.

My question is about the initial login part.  This bit:

        //allow white-listed requests through
        if (cfc == "authenticate"){
            return true;
        }

Where do you put the username password bits for this part?  In the Authorization header as with Basic Authorization?  Or query params?  Does it matter much, assuming its https?

Something like this?

        //allow white-listed requests through
        if (cfc == "authenticate"){
	    structAppend(requestArguments, getBasicAuthCredentials());
            return true;
        }

[Adam Tuttle]

Technically speaking, it doesn't make a difference. My advice would be to do what will be easiest / simplest for your users. In my case that usually means just expecting the username and password as normal request arguments -- not basic auth. But that's not to say that there's anything wrong with basic auth.

If you do choose to use basic auth, then the approach you showed would be fine for passing the username and password to the resource.

Adam

--
You received this message because you are subscribed to the Google Groups "Taffy Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taffy-users...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Irvin Wilson]

Does anyone know of a current url to the authentication article?  I'm having trouble finding it (http://fusiongrokker.com/post/advanced-authentication-with-taffy-apis).   Thank you!

[Adam Tuttle]

http://web.archive.org/web/20160227151558/http://fusiongrokker.com/post/advanced-authentication-with-taffy-apis

Adam

To unsubscribe from this group and stop receiving emails from it, send an email to taffy-users+unsubscribe@googlegroups.com.

[Irvin Wilson]

Thank you!!