Re: authentication architecture.

Hi,

On Thu, Jul 26, 2001 at 12:48:13PM -0500, Ben Collins-Sussman wrote:
...
> * if libsvn_client can't fill in all the fields, it "kicks" the
> user_t structure up to its client caller (using the hook routine)
> and then the client finishes the job. (for example, prompting
> the user for a password, reading a config file, etc.)
>
> * the user_t object is now passed (along with the URL) to ra->open().
...

You can't really request usernames/passwords/... from the user before
opening the session (which is what you're suggesting if I understand
correctly?), since you don't know at that time whether the server will
require authentication or not.

I really like the idea of having an object which gets filled in - to get
a little bikesheddy I'd call this a "credentials" object. ra_dav can
also require HTTP proxy auth and SSL client certs as "credentials" too.

I hacked up auth callbacks for ra_dav a while ago (wasn't ready for
prime time though), the way it worked was:

 - the ra_plugin structure grew an 'authenticate' function which is used
to register a callback which is called whenever the RA implementation
needs to get auth credentials.

 - svn_client_* take an extra callback, and passes it through to the RA
layer by calling ra->authenticate(session, callback, baton).

 - whenever the RA layer finds it requires authentication, it calls the
new callback, which goes back up into the client, which fills in the
credentials (e.g. by prompting for username/password)

Regards,

joe

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:33 2006