- Issue created by @joachim
- 🇬🇧United Kingdom joachim
I thought I understood what the different authorization plugins did, but "✨ Use user.login.http instead of user.login" (Active) has got me totally confused again.
I thought that the basic_auth plugin relied on the server accepting the credentials in the HTTP header -- because this message shows when you select it in the UI:
> With the Basic Auth authorization method you need to ensure that the HTTP Basic Authentication module is enabled on the server website.
But then why does it also do this:
```php
$http_client->post($login_path, [
  'form_params' => [
    'name' => $credentials['username'],
    'pass' => $credentials['password'],
    'form_id' => 'user_login_form',
  ],
]);
```
- 🇫🇷France Grimreaper France 🇫🇷
For "JSON:API clients", yes, it is with the basic_auth module.
But for "non JSON:API clients" we need another, persistent, authentication.
The "non JSON:API clients" are used for physical files. For public files it is OK with the URL (as they are public), but for the private file system, we need to make an authenticated request.
And the URL for the URI private://my/file.jpg will not authenticate you with basic_auth, if I am not mistaken. Or, if it is OK with basic_auth, we need a dedicated method for other authentication plugins.
- 🇬🇧United Kingdom joachim
Thanks.
I've filed:
- 📌 document that non-jsonapi requests are only used for requests for physical files Active
- 📌 check whether basic auth works for private files Active
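
The two request styles discussed in this thread, as an added example that is not Entity Share's code or any participant's: a client that sends HTTP Basic credentials on every request, and a client that posts the login form once and then relies on the session cookie. It uses Guzzle's `MockHandler` so it runs offline; the host, the `/user/login` and `/system/files/...` paths, the credentials, the cookie value and the `recording_client()` helper are all assumptions made for the illustration.

```php
<?php
// Added illustration, not Entity Share's code. Requires guzzlehttp/guzzle (composer).
// Host, paths, credentials and the session cookie are constructed sample values.
require 'vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;

// Hypothetical helper: a client answered by canned responses, with every request recorded.
function recording_client(array $responses, array &$history, array $options = []): Client {
  $stack = HandlerStack::create(new MockHandler($responses));
  $stack->push(Middleware::history($history));
  return new Client(['handler' => $stack, 'base_uri' => 'https://server.example'] + $options);
}

$credentials = ['username' => 'sync_user', 'password' => 'constructed-password'];

// 1. "JSON:API client": credentials travel in the Authorization header of every request.
$json_history = [];
$json_client = recording_client([new Response(200)], $json_history, [
  'auth' => [$credentials['username'], $credentials['password']],
]);
$json_client->get('/jsonapi/node/article');

// 2. "Non JSON:API client": one form login, then the session cookie authenticates.
$file_history = [];
$file_client = recording_client([
  new Response(303, ['Set-Cookie' => 'SESSconstructed=abc123; Path=/; Secure; HttpOnly', 'Location' => '/user/1']),
  new Response(200),
], $file_history, ['cookies' => TRUE, 'allow_redirects' => FALSE]);
$file_client->post('/user/login', [
  'form_params' => [
    'name' => $credentials['username'],
    'pass' => $credentials['password'],
    'form_id' => 'user_login_form',
  ],
]);
$file_client->get('/system/files/my/file.jpg');

echo 'JSON:API request Authorization: ', $json_history[0]['request']->getHeaderLine('Authorization'), PHP_EOL;
echo 'File request Authorization:     ', var_export($file_history[1]['request']->getHeaderLine('Authorization'), TRUE), PHP_EOL;
echo 'File request Cookie:            ', $file_history[1]['request']->getHeaderLine('Cookie'), PHP_EOL;
```

In the second client the password appears only in the login POST body; the file request carries the session cookie and no `Authorization` header, so both the form post and the cookie need TLS and the cookie jar should be treated as a credential.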