-
Improvement
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
As stated in "Phase Two - Disable Digest Authentication": of MBS-357:
At some date (to be decided) digest authentication will be disabled. The only forms of authentication support by the web service will be OAuth and basic authentication (over a secure connection).
Basic authentication is still not supported (outside of the OAuth2 token endpoint for client application credentials). If implemented, we should clearly document never to send Basic auth credentials over plain HTTP. If that happens, I think it's a good idea to inform the requester to change their password in the response rather than silently redirect to HTTPS.
- is related to
-
MBS-9207 Disallow HTTP Digest authentication
-
- Open
-
Allow Basic HTTP authentication in the web service
-
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
As stated in "Phase Two - Disable Digest Authentication": of MBS-357:
At some date (to be decided) digest authentication will be disabled. The only forms of authentication support by the web service will be OAuth and basic authentication (over a secure connection).
Basic authentication is still not supported (outside of the OAuth2 token endpoint for client application credentials). If implemented, we should clearly document never to send Basic auth credentials over plain HTTP. If that happens, I think it's a good idea to inform the requester to change their password in the response rather than silently redirect to HTTPS.
- is related to
-
-
- Open
-
-
Unassigned
-
Michael Wiencek
- Votes:
-
0 Vote for this issue
- Watchers:
-
1 Start watching this issue
- Created:
- Updated:
| Version | Package |
|---|