undefined | Better HN

0 pointstveita11y ago0 comments

You can add new authentication methods by defining the format of the authorization/authentication headers. OAuth 2 does it. The only thing you need is buy-in from application authors.

0 comments

megaman82111y ago

This is mostly true but browsers treat Basic Auth special. To use Authorization Bearer headers you have to use JavaScript and perhaps localstorage. When using Basic Auth the browser caches your credentials and allows you to be authenticated without cookies and without JavaScript code. The only way you can use OAuth header authorization today is with JavaScript apps, Basic Auth works with normal server side apps.

j / k navigate · click thread line to collapse

0 pointstveita11y ago0 comments

You can add new authentication methods by defining the format of the authorization/authentication headers. OAuth 2 does it. The only thing you need is buy-in from application authors.

0 comments

megaman82111y ago

j / k navigate · click thread line to collapse