cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: extra requests sent when using HTTPAUTH_DIGEST

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 19 Apr 2012 23:00:50 +0200 (CEST)

On Mon, 16 Apr 2012, Joe Mason wrote:

> The problem is I want to only pop open a username/password dialog for the
> user if the server is actually requesting authentication, so I need to wait
> for the first WWW-Authenticate. And then having to send a second request is
> wasteful.

Right, I understand your dilemma. I'm open for introducing a new and improved
way to provide credentials like for this case, as I know this is a weak area
for libcurl.

> From my point of view it would be ideal if, as well as setting the username
> and password through setopt, I could also set other authentication
> parameters, and then libcurl would use them as if they had been parsed out
> of the WWW-Authenticate header. In fact, it would be best to just reuse
> CURL's parser:
>
> curl_easy_setopt(handle, CURLOPT_WWW_AUTHENTICATE, "Digest
> realm=\"Restricted
> area\",qop=\"auth\",nonce=\"4f8834a7d6315\",opaque=\"cdce8a5c95a1427d74df7acbf41c9ce0\"")

But that would still require your application to do quite some heavy lifting
and possess a whole lot of HTTP auth knowledge.

I think I would rather favor an approach that for example calls a callback
with information about auth type and realm etc that was received and allows
the application to pass back credentials to use. Although I haven't thought it
through completely...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2012-04-19