kbmMW's TkbmMWAuthorizationManager will automatically create a token once a user has successfully logged in using user credentials.
The intent is that from that time forward the login info is cached server-side and the auto-generated token is used in subsequent requests for the lifetime of the session as a means of resource request authorization.
In the case of a web browser client using basic auth (over SSL), how is the web browser supposed to deal with the token? Does the token return to the web browser in the form of a cookie?
Is it impossible for the browser to know to use the token without some special form of client side web programming?
What special tasks does an iOS or Android native client need to perform to utilize the token after a successful authentication? In a REST-ish environment? Is manual token submission required? How does this change what is required on the server side?
Is the mwaoAutoLogin option for the TkbmMWAuthorizationManager valid for web, iOS & Android native clients in a REST scenario? Or should all be switched to manual?
Thanks.
Aucun commentaire:
Enregistrer un commentaire