?

Log in

No account? Create an account
New Authentication Methods - LiveJournal Client Discussions — LiveJournal [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

New Authentication Methods [Apr. 14th, 2004|08:39 am]
LiveJournal Client Discussions

lj_clients

[darklyng]
Apparently clear authentication (password and hpassword) is deprecated - is there any documentation on authentication using cookies or challenge/response?
linkReply

Comments:
[User Picture]From: darklyng
2004-05-06 01:21 pm (UTC)

Re: Proper calling of challenge authorization, and When is it needed, or even available?

I haven't actually done this yet, but if you're going to do it, there's no point doing it for only half your commands! The sensible thing to do is just to store the challenge and it's expiration time so you only need to request a new challenge if it has expired.

As regards which modes challenge/response is available on, my guess would be all of them. I would imagine the docs are more likely to be wrong about that!
(Reply) (Parent) (Thread)
[User Picture]From: whomiga
2004-05-07 12:07 am (UTC)

Re: Proper calling of challenge authorization, and When is it needed, or even available?

A challenge apparently expires after 60 seconds according to checks I've made. In many other systems I've seen (not mentioned one way or the other in the Documentation here), a challenge/response is only valid until
1) The time limit expires, or
2) The response is issued

The specifics of what to do there and why the documentation appears to be incomplete, I suppose is the real question...
(Reply) (Parent) (Thread)