[Catalyst] RESTful authentication

Tomas Doran bobtfish at bobtfish.net
Thu May 21 10:06:24 GMT 2009


Christian Lackas wrote:

> I already did some googling, but did not find a satisfying answer yet.
> What is the state-of-the-art approach to control access to REST resources?

When you say 'REST resources', I'm guessing you mean some sort of API, 
rather than a normal person-facing site which happens to be RESTful..

Use HTTP headers.

>     http://user:pass@host/webdisk/data/path/to/file

I think that's very ugly, but workable.

> 
>     http://user:pass@host/webdisk/TOKEN/data/path/to/file

This is horrible if the TOKEN changes.

> Does Catalyst provide any plugins for this? Could not find anything on
> CPAN.

I just use HTTP basic or digest auth.

Works well, very standard, no messing around, supported by everything..

Of course, just making a /login URI which returns you a cookie you 
provide back to other URIs to get access isn't directly non-RESTful in 
itself...

Cheers
t0m
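
An added example, not part of the original post and written in Python rather than as Catalyst code: it shows how the `user:pass@host` URL form from the question maps onto the `Authorization` header that HTTP basic auth sends, and how a server can validate that header. The user table, the credentials and the function names are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import urlsplit, unquote

# Constructed sample account; a real service stores password hashes, not plaintext.
USERS = {"alice": "s3cret:with:colons"}

def url_to_request(url):
    """Split a user:pass@host URL into a credential-free URL and a Basic auth header."""
    parts = urlsplit(url)
    user = unquote(parts.username or "")
    password = unquote(parts.password or "")
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    # The userinfo part never needs to appear in the URL that gets requested or logged.
    clean = parts._replace(netloc=host).geturl()
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return clean, {"Authorization": f"Basic {token}"}

def check_basic(header, users=USERS):
    """Return the authenticated user name, or None if the header is missing or invalid."""
    if not header:
        return None
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    # Only the first colon separates user from password; passwords may contain colons.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    expected = users.get(user)
    # Compare in constant time, and also for unknown users, so timing does not
    # reveal which account names exist.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    return user if ok and expected is not None else None
```

Basic auth only base64-encodes the credentials, so the header needs TLS underneath it just as the URL form does.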