I think it makes sense to have basic auth along with the form auth. Currently we maintain the session which has DrillClient so that all user options are preserved in the login session. In case of basic auth (which are usually point API calls), we can create the DrillClient and destroy after the call.
On Wed, Dec 23, 2015 at 5:44 AM, John Omernik <[email protected]> wrote: > Hey all, > > I am not sure if I am jumping the gun on this, or if it's ok to ask a > question based on the MapR 1.4 Developer preview. > > The feature that I am talking about is Authentication on the Rest API. > Basically, in the 1.4 Dev preview, the way it's done is through forms based > authentication. If this is how it is going to land in 1.5, I'd like to > discuss here, and perhaps open a JIRA for a small alteration. > > Basically, the way it's setup now, if I want to say use Python Requests, I > have to create a cookie jar, auth with one request, and then keep the state > in the request. > > What would be nice is using basic auth instead of forms auth. Then I can > include the auth credentials with the request, allowing for single request > API calls. This will also play out as we use the API more for > administrative tasks (updating/creating storage plugins etc). > > I don't mind keeping the forms based auth if no auth is provided (perhaps a > redirect to the login form) to keep it looking nice for Web UI users, but > if basic auth is supplied to allow that to be used instead of the forms > auth? > > Basically, if there is a reason for not doing this, I wanted to test the > waters here, if no reason, I'll open a JIRA. I think it would simplify > programatic access down the road, and make the Rest API easier to program > to. > > John >
