On Thu, 2005-11-17 at 21:47 -0500, glyph@divmod.com wrote:
On Thu, 17 Nov 2005 11:09:42 -0800, David Reid <dreid@dreid.org> wrote:
While it might be a valid assumption, there is no common public interface provided to facilitate it.
The interface is ICredentialsChecker, specifically, requestAvatarID.
I don't see that working for things like HTTP Basic and Digest auth, even if ICredentials.checkPassword, returns a deferred, which fires after the last step has been completed, most ICredentialsCheckers do things with the credentials before they even call checkPassword, like check the username exists. But in Basic and Digest auth you don't have the username until you get the response to your challenge. So this is where IAuthorizer comes in it handles all the steps prior to having something that you can use to build a credentials. So if IAuthorizer has nothing to do with this discussion, where would you generate your challenge, and parse the response? You could implement your own ICredentialsChecker and actually do these things in requestAvatarId, via some interface on the credentials, but I know you can't be suggesting that is the right way to do it, because that would break all the modularity of cred.
Honestly, I have no idea what you're talking about. Have you read Abe's new book? He covers everything in terms of cred.
Clearly I'm not explaining myself very well, but yes, the only things I've ever read about cred are the source code and Abe's book. But then I looked at the actual HTTP AUTH implementations, and I feel there is something more needed to support this properly. I'm also wondering where exarkun is, because this extension to cred was his idea in the first place. -David