[Python-Dev] Python wiki

"Martin v. Löwis" martin at v.loewis.de
Mon Sep 27 06:10:39 CEST 2010


No, Martin really meant "not possible": once basic auth is started, the browser prompts for username and password and you are in basic-auth land thereafter; the web server has no way to tell the browser to stop using basic auth.

Yes, but Scott proposed that OpenID users might fill in their OpenID in the username field and leave the password field empty. Technically, this would work - the browser would then get the OpenID redirect in response to the original request.

imagine that only "ultra geeks" know their URIs (I have no idea what the URI for a Google account is). But, I don't see this as being worthwhile

Well, my OpenId is 'david.bitdance.com', so even if you could get around the basic auth problem, looking for "http://" wouldn't work.

Sure - however, it would actually be possible to determine that this is an OpenID: perform discovery on it. If that succeeds, try to establish a provider association; if that also succeeds, redirect the user to the OpenID login process.

However, I'd rather not do that, since OpenID users don't expect that kind of interface.

Providing OpenID links on the login failure 401 response is reasonable, though.

Regards, Martin
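
One way to serve the 401 response suggested above, as an added example that is not code from this thread or from the Python wiki: a WSGI handler that keeps the basic-auth challenge and puts an OpenID login link in the 401 body. The account table, the realm name and the `/openid/login` path are assumptions made for the example.

```python
import base64
import hmac
from wsgiref.util import setup_testing_defaults

USERS = {"alice": "correct horse"}      # constructed sample account
OPENID_LOGIN_URL = "/openid/login"      # hypothetical path, not the wiki's real one

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def check(creds):
    """Constant-time password comparison against the sample user table."""
    if creds is None:
        return False
    expected = USERS.get(creds[0])
    return expected is not None and hmac.compare_digest(
        expected.encode(), creds[1].encode())

def app(environ, start_response):
    if check(parse_basic(environ.get("HTTP_AUTHORIZATION"))):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"logged in via basic auth\n"]
    # Missing or wrong credentials: challenge for basic auth, and put the OpenID
    # entry point in the body the browser renders if the prompt is cancelled.
    body = ('<p>Login failed.</p><p><a href="%s">Log in with OpenID instead</a></p>'
            % OPENID_LOGIN_URL).encode()
    start_response("401 Unauthorized", [
        ("WWW-Authenticate", 'Basic realm="wiki"'),
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Length", str(len(body)))])
    return [body]

def request(authorization=None):
    """Drive the app once without a network; returns (status, headers, body)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

An OpenID typed into the username field with an empty password is treated here like any other failed login, so the user lands on the same 401 page with the OpenID link.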


