You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are in the planning stages of implementing a new authentication scheme based on the HAWK signature authentications scheme. Using the planned scheme, we would need to generate a signature and append it to the AJAX header before each request for a protected resource. This can be accomplished easily enough with the ajaxConfig.beforeSend option 👍
There are at least few scenarios under which the server may fail to authenticate the signature:
The signature is invalid (was hashed using the wrong key/algorithm)
The timestamp sent with the request is out of sync with the server's time
In the first case, we would like to catch the unauthorized response, and present a login-popup for the user to log in and re-generate their private key. Upon successful retrieval of a new key, we would like to resend the request. In the second case, we would like to re-send the request with a modified timestamp to compensate for skew between the client and server time.
How do you recommend handling these unauthorized responses without specifying an error handler for each .fetch, .sync call? Perhaps an ajaxConfig.error callback would allow us to intercept the unauthorized response, make adjustments and retry it.
The text was updated successfully, but these errors were encountered:
We are in the planning stages of implementing a new authentication scheme based on the HAWK signature authentications scheme. Using the planned scheme, we would need to generate a signature and append it to the AJAX header before each request for a protected resource. This can be accomplished easily enough with the ajaxConfig.beforeSend option 👍
There are at least few scenarios under which the server may fail to authenticate the signature:
In the first case, we would like to catch the unauthorized response, and present a login-popup for the user to log in and re-generate their private key. Upon successful retrieval of a new key, we would like to resend the request. In the second case, we would like to re-send the request with a modified timestamp to compensate for skew between the client and server time.
How do you recommend handling these unauthorized responses without specifying an error handler for each
.fetch,.synccall? Perhaps anajaxConfig.errorcallback would allow us to intercept the unauthorized response, make adjustments and retry it.The text was updated successfully, but these errors were encountered: