curl-library

Re: Problem with DIGEST and multiple authorization headers

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 7 Jul 2017 12:04:20 +0200 (CEST)

On Thu, 22 Jun 2017, Daniel Schwarz via curl-library wrote:

> Yes, I agree with you. The round-trip in case of 401s is actually not an
> efficient way for authentication. Whenever multiple authentication headers
> come into place, the user should know which realm to use. So we should focus
> on setting one realm directly. In our use cases we always know the realm
> before. So it would be completely fine. On client side I would assume to get
> the option of setting a specific Realm as an authentication parameter. I
> cannot evaluate how it is best to implement in libcurl. The callback also
> sounds like a good approach. I could imagine in case of a failed auth due to
> a differing realm the client could give a more accurate feedback to the
> user.

So if you got to decide how to do such an API, entirely for your own use case,
how do you envision it would work?

I've started writing down the background and the current limitations in a wiki
page:

   https://github.com/curl/curl/wiki/Realm-aware-auth-API

... as you can see, there are no details for the suggested API just yet!

-- 
  / daniel.haxx.se
Received on 2017-07-07