2 files changed, +21 -20 lines
lines changed Original file line number Diff line number Diff line change @@ -32,17 +32,25 @@ interpreted as described in [RFC 2119](http://www.ietf.org/rfc/rfc2119.txt).
3232
3333### Stack Authentication Middlewares
3434
35+ #### Token
36+
37+ A Stack authentication token represents the user or service driving the user
38+ agent making a request. The token MUST be stored as the ` stack.authn.token `
39+ request attribute. The token MUST either be a string or serializable.
40+
41+
3542#### Authentication
3643
3744A Stack authentication middleware is free to use whatever means necessary to
3845authenticate a request. The end result of a successfully authenticated request
39- is that the ` stack.authentication.token ` attribute is set on the request.
46+ should be that the ` stack.authn.token ` attribute on the request is set to a
47+ valid token.
4048
4149If a request has authentication credentials that are invalid for any reason a
42- Stack authentication middleware MAY immediately challenge or return another
43- reaponse (for example, a 400 error response).
50+ Stack authentication middleware MAY either immediately challenge or return
51+ another reaponse (for example, a 400 error response).
4452
45- If a request already has the ` stack.authentication .token ` attribute set a Stack
53+ If a request already has the ` stack.authn .token ` attribute set a Stack
4654authentication middleware MUST NOT attempt to further authenticate the request.
4755However, the Stack authentication middleware MAY act further upon inspecting
4856the response.
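Review bot: line 46+ weakens the outcome of a successful authentication from a definition ("The end result ... is that the attribute is set") to a lowercase "should be", which in a document that declares RFC 2119 keywords reads as non-normative, yet the authorization conventions depend on this attribute being set; use "MUST be set to a valid token" here, or keep the original "is that" wording with the new attribute name. In the same hunk, the new Token section says the token "MUST either be a string or serializable" without saying serializable by what (PHP `serialize()`, JSON, something else), so an implementer cannot tell whether a given object satisfies the requirement; name the mechanism. Line 51+ also carries the pre-existing typo "reaponse" into the rewritten sentence; it should read "response". Finally, the rename from `stack.authentication.token` to `stack.authn.token` breaks any middleware already following the convention, so the change should be called out as incompatible rather than folded silently into a wording edit.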
@@ -29,25 +29,18 @@ interpreted as described in [RFC 2119](http://www.ietf.org/rfc/rfc2119.txt).
2929 authorization fails when a request is not authenticated.
3030
3131
32- ### Stack Authorization Middlewares
32+ ### Stack Authorization Middlewares and Applications
3333
34- #### Token
34+ Authorization MUST be based on the token stored in the ` stack.authn.token `
35+ request attribute.
3536
36- Authorization should be based on the token stored in the
37- ` stack.authentication.token ` request attribute. This token should be a string
38- that can be used to gather additional information about the authenticated user
39- making the request.
37+ If a token exists but the request is not authorized, a Stack authorization
38+ middleware MUST return a ` 403 ` response.
4039
41- #### Integration with Stack Authentication
42-
43- If authentication is provided by way of ` stack.authentication.token ` but the
44- request is not authorized, a Stack authorization middleware MUST return a ` 403 `
45- response.
46-
47- If authentication is not provided by way of ` stack.authentication.token ` , a
48- Stack authorization middleware SHOULD return a ` 401 ` response with a
49- ` WWW-Authenticate: Stack ` header. This will give the appropriate Stack
50- authentication middlewares an opportunity to challenge as appropriate.
40+ If a token does not exist, a Stack authorization middleware SHOULD return a
41+ ` 401 ` response with a ` WWW-Authenticate: Stack ` header. This will give the
42+ appropriate Stack authentication middlewares an opportunity to challenge as
43+ appropriate.
5144
5245
5346### Implementations
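Review bot: the new heading at line 32+ adds "and Applications", but every requirement that follows (lines 34+ through 43+) is still phrased as "a Stack authorization middleware MUST/SHOULD ..."; if an application that performs its own authorization is meant to be bound by the same 403 and 401 rules, say "a Stack authorization middleware or application" in those lines, otherwise drop "Applications" from the heading so the scope of the MUSTs is unambiguous. The removed lines 36 to 39 were also the only description in this file of what the token is; the replacement at 34+ just names the attribute, so add a pointer to the Token section of the authentication conventions (added in the other file of this change) where `stack.authn.token` is now defined, so that "MUST be based on the token" binds to a definition.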