[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: New to lua, web framework?
- From: Fabio Mascarenhas <mascarenhas@...>
- Date: Wed, 6 Oct 2010 15:06:00 -0300
On Wed, Oct 6, 2010 at 2:36 PM, Petite Abeille <petite_abeille@mac.com> wrote:
> On Oct 6, 2010, at 7:11 PM, Fabio Mascarenhas wrote:
>
>> I thought most applications would want to redirect the user to a login
>> page in case of authentication failure instead of throwing a "403
>> Forbidden" back at them
>
> 403? As in "don't even try, I'm not going to give it to you"
I think this would be a good response to a forged authentication
token, but is certainly undesirable if the token has just expired. :-)
> Or 401? As in "Ok, who are you again"?
> If 403, then authentication should make no difference, no?
>
> If 401, then this is the realm of HTTP Authentication and a custom login page would not help as the user agent will take care of
> capturing the user credential, right?
I am assuming you do not want to use HTTP authentication, just like
the typical web app. :-) For authenticated access to an API I would
suggest using something like OAuth (and I think Ignacio has an OAuth
module for Lua)...
--
Fabio Mascarenhas
- References:
- New to lua, web framework?, kevin beckford
- Re: New to lua, web framework?, Petite Abeille
- Re: New to lua, web framework?, Philippe Lhoste
- Re: New to lua, web framework?, steve donovan
- Re: New to lua, web framework?, Fabio Mascarenhas
- Re: New to lua, web framework?, Ignacio Burgueño
- Re: New to lua, web framework?, Fabio Mascarenhas
- Re: New to lua, web framework?, Petite Abeille