Re: RESTful API's - Easy way to interact?
Re: RESTful API's - Easy way to interact?
- Subject: Re: RESTful API's - Easy way to interact?
- From: Jens Alfke <email@hidden>
- Date: Sat, 31 May 2008 10:12:51 -0700
On 31 May '08, at 9:31 AM, Peter Burtis wrote:
Question: Is there a way to set the credentials before you initiate
the request? Or a way to force the request to use credentials even
if the site doesn't return an Authentication Required response? I
can't find one.
IIRC, there isn't one. I seem to remember this coming up in hallway
discussions once or twice (my office used to be next door to the
CFNetwork team.)
A) Some REST APIs never return the Authentication Required header,
they just fail, or return different data, without credentials
included, and then the callback never gets called.
That sounds like incorrect behavior for the server, especially if it
returns the wrong error code or omits the header. But that doesn't
help you if you don't control the server...
B) IIRC, if an item for the site/realm you're authenticating exists
in the keychain, it is always used and your class never hears about
or has any say in authentication at all. There have been times when
using the name/password set by the user in Safari has not been
appropriate for my use.
True. I don't know of a way around this.
C) When there is a password set in the keychain, and it's wrong for
whatever reason, NSURLConnection behaves strangely for me. The
connection:didReceiveAuthenticationChallenge: doesn't get called at
all, and I just get a loop of requests to access the keychain which
seemingly never ends.
This doesn't ring a bell with me. If you have a reproducible case, you
should file a bug report.
D) If you set your credentials as
NSURLCredentialPersistenceForSession, then you're stuck with only
using one set of credentials for each authentication realm. There
have been plenty of times when I've needed to use different
credentials in the same realm. (Handling multiple user accounts
from one app, mostly.) Or am I misunderstanding the word session in
this context?
I definitely remember hallway conversations about this, because it's
caused trouble for PubSub in a few cases. Mac.com happens to be one of
the domains that where you can hit this — they use one realm for the
entire site, regardless of username, so if you happen to have
credentials for two .mac accounts in your Keychain, CFNetwork can
sometimes choose the wrong one, causing the request to fail.
You should bring this up on the macnetworkprog mailing list — the
implementation of this stuff is in CFNetwork, and I don't think any of
the CFNetwork engineers read this list, because many of them aren't
Cocoa programmers.
I think there's a need for some additional API on NSURLConnection to
provide finer-grained control over authentication. In particular,
(1) Ability to set credentials on the request before starting the
connection
(2) Ability to disable the connection from looking in the Keychain
—Jens
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden