[Catalyst] RESTful authentication
Tomas Doran
bobtfish at bobtfish.net
Thu May 21 10:06:24 GMT 2009
Christian Lackas wrote:
> I already did some googling, but did not find a satisfying answer yet.
> What is state-of-the-art approach to control access to REST resources.
When you say 'REST resources', I'm guessing you mean some sort of API,
rather than a normal person facing site which happens to be restful..
Use HTTP headers.
> http://user:pass@host/webdisk/data/path/to/file
I think that's very ugly, but workable.
>
> http://user:pass@host/webdisk/TOKEN/data/path/to/file
This is horrible if the TOKEN changes.
> Does Catalyst provide any plugins for this? Could not find anything on
> CPAN.
I just use HTTP basic or digest auth.
Works well, very standard, no messing around, supported by everything..
Of course, just making a /login URI which returns you a cookie you
provide back to other URIs to get access isn't directly non-RESTFul in
itself...
Cheers
t0m
More information about the Catalyst
mailing list