Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
SimpleAuth support for Authorization header?
  • Is this supported as described in RFC 2617?


    If not, any suggestions where you would implement it? Now it's temporarily implemented as a base class router... far from perfect..
  • RFC 2617 or http authentication is considered an implementation detail, so it's not part of the Auth package. So you need to implement it the same way as you would implement a normal login page.

    See http://bin.fuelphp.com/snippet/view/M3 for an example.
  • Harry,

    Thnx for your prompt answer. Is it bad idea to add this in Auth_Login_Simpleauth::validate_user() ?
  • I'd say yes.

    You should use login(), not validate_user(), and if you look at my example, you'll see there is interaction with the user, code that belongs in a controller.
  • How about REST then? I don't get it why this should be somehow differently implemented than the POST parameters reading? Of course over SSL/TLS only.
  • HarroHarro
    Accepted Answer
    For REST authentication there are a lot of different solutions, depending on your requirements.

    Also, if the REST API is used app-to-app (and not through js in the browser), you need to implement a token exchange mechanism to compensate for the lack of session state (no cookies to maintain the session).

    Like for similar issues where you have interaction between server-side and client-side, Fuel doesn't force a solution on you, but allows you to choose your solution based on your own requirements.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion