Note that this page details our proposal of how to handle authentication. Comments welcome.
We understand it may be necessary to authenticate the entire auspice website, or certain datasets. Our proposed solution to this is to perform all authentication on the server (remember that custom server handlers are already part of the auspice extension framework). This relies on cookies being available to the server on each and every request made from auspice, which should happen automatically.
Logging in / authenticating:
The initial request (which currently serves ) shall check that the user is authenticated.
If so, it can deliver the auspice
If not, it can redirect to a login page which will set this cookie.
Note that this login page is deliberately not part of auspice.
The login details (e.g. username) could be available to auspice via the getAvailable request (to explore).
We will design a (customisable) login button / logged in user for auspice.
It may be that the "login" button redirects to /login which is handled by the server as above.
The datasets which are "available" to the client can be controlled by the server, such that only those with sufficient permissions are returned when the getAvailable request is processed.
Likewise, requests for getDataset can be checked against the current cookie.
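A sketch of the server-side checks proposed above, written as an added example and not taken from auspice's own code. The cookie name, session store, dataset catalogue and handler function names are all assumptions constructed for illustration, and the handlers are plain functions so they can be wired into whichever server framework is in use.

```javascript
// Added example: names, cookie name and data below are constructed, not auspice's own.
const SESSION_COOKIE = "session_id"; // hypothetical cookie set by the external login page

// Constructed server-side session store: opaque id -> user record.
const SESSIONS = new Map([
  ["s-alice", { username: "alice", groups: ["lab-a"] }],
  ["s-bob", { username: "bob", groups: [] }],
]);

// Constructed dataset catalogue; allowedGroups === null means public.
const DATASETS = [
  { path: "flu/seasonal", allowedGroups: null },
  { path: "lab-a/outbreak", allowedGroups: ["lab-a"] },
];

// Resolve the user from the raw Cookie header; null when absent or unknown.
function userFromCookie(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === SESSION_COOKIE) {
      return SESSIONS.get(part.slice(eq + 1).trim()) || null;
    }
  }
  return null;
}

// Permission check shared by both handlers so listing and fetching cannot disagree.
function canRead(user, dataset) {
  if (dataset.allowedGroups === null) return true;
  return user !== null && dataset.allowedGroups.some((g) => user.groups.includes(g));
}

// getAvailable: return only what this user may see, plus the login details.
function handleGetAvailable(cookieHeader) {
  const user = userFromCookie(cookieHeader);
  return {
    user: user ? user.username : null,
    datasets: DATASETS.filter((d) => canRead(user, d)).map((d) => d.path),
  };
}

// getDataset: re-check on every request; filtering the listing alone is not enough.
// Unknown and forbidden paths get the same 404 so restricted names are not revealed.
function handleGetDataset(cookieHeader, path) {
  const user = userFromCookie(cookieHeader);
  const dataset = DATASETS.find((d) => d.path === path);
  if (!dataset || !canRead(user, dataset)) return { status: 404 };
  return { status: 200, path: dataset.path };
}
```

The session id is an opaque lookup key, so permissions live only on the server and a client cannot grant itself access by editing the cookie contents.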