Item5945: restHandlers need to be able to be called without auth.
Current State: No Action Required
Target Release: n/a
Applies To: Engine
to completely replace the need for adding new cgi scripts, plugins need to be able to specify that a restHandler can be called without auth, or that if there is no auth, that the user will be redirected to login..
the default registration should continue to require auth - not
via apache auth, but selectivly, as for view in an DENYVIEW context, to add authless operation a plugin author has to do so intentionally.
- 20 Aug 2008
Can you describe a use case where you'd like to implement a REST handler where auth would be a problem.
- 21 Aug 2008
yup. any get operation on a data item that is open to TWikiGuest
such as a query for 'this month's appointments' in JSON form.
worse, in the current implementation, any rest query made as the first contact from an external 'app' will result in a 401 error - no pointer to the auth url, no possibilities for refunds, nothing.
nother use case - replace the
cgi script with a handler - search should not necessarily require previous auth - unless its being done on restricted content.
- 21 Aug 2008
Eugen was talking about this recently, so marked for his attention.
- 23 Feb 2009
I will look into this when i recovered from illness. I will write also a proposal so the solution will be fitting all needs and we can discuss about.
- 26 Feb 2009
i will start to create a solution for it after we have released the patch release and are going back to mainly work on the trunk
I addressed this some time ago.
- 28 Oct 2009