Chris McDonough <chr...@plope.com> added the comment: Form plugins will be deprecated for common use in the next release of r.who, FWIW. It's much easier to tell people to return a login form as their "unauthorized" response rather than trying to "challenge" based on a 401 response from the application and do arbitrary things to pass through reasons for failure and so on.
But for the record, the RedirectingFormPlugin currently has such a facility (albeit undocumented but in CHANGES.txt): if the unauthorized response contains a header named X-Authentication-Failure-Reason, that will cause the redirect to the login form to contain a "reason" query string parameter will the value of that header. ---------- status: unread -> resolved __________________________________ Repoze Bugs <b...@bugs.repoze.org> <http://bugs.repoze.org/issue74> __________________________________ _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev