For our api user we need two styles of authentication:
- authenticate the api-user (mobile-device, partner integration)
- authenticate a specific "normal" user, which owns data on our side
The standard challenge vs. response is handled through WWW-Authenticate and Authorization Headers. I want to reuse this.
I have following use-case: On first level we authenticate the api-user (e.g. mobile device), for some api-actions we also need to authenticate a user (e.g. user of mobile device). So we have a special case where we need two authentications schemes "at once".
Looking at http://www.w3.org/Protocols/rfc2616/rf开发者_Go百科c2616-sec14.html I cannot see that having two different schemes inside one 'Authorization' Header is possible.
// I just made up delimiter ';'
Authorization: Digest .... ; CustomXXX ...
Am I correct, if so is there an alternative?
No, Authorization can only take one set of credentials.
 
         
                                         
                                         
                                         
                                        ![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif) 
                                         
                                         
                                         
                                         加载中,请稍侯......
 加载中,请稍侯......
      
精彩评论