diff --git a/docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md b/docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md index a8db4ceb..86539698 100644 --- a/docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md +++ b/docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md @@ -61,25 +61,31 @@ Tiny Tiny RSS itself is unaware of HTTP authentication: if HTTP authentication i - Clients may optionally provide HTTP credentials - API authentication proceeds as normal - All feed icons are visible to unauthenticated clients + - Analogous to multi-user mode - If the `userHTTPAuthRequired` setting is `true`: - Clients must pass HTTP authentication - API authentication proceeds as normal - Feed icons are visible only to their owners + - Analoguous to multi-user mode with additional HTTP authentication - If the `userSessionEnforced` setting is `false`: - Clients may optionally provide HTTP credentials - If HTTP authentication succeeded API authentication is skipped: tokens are issued upon login, but ignored for HTTP-authenticated requests - All feed icons are visible to unauthenticated clients + - Analogous to single-user mode if using HTTP authentication, and to multi-user mode otherwise - If the `userHTTPAuthRequired` setting is `true` and the `userSessionEnforced` setting is `false`: - Clients must pass HTTP authentication - API authentication is skipped: tokens are issued upon login, but thereafter ignored - Feed icons are visible only to their owners + - Analogous to single-user mode - If the `userPreAuth` setting is `true`: - The Web server asserts HTTP authentication was successful - API authentication only checks that HTTP and API user names match - Feed icons are visible only to their owners + - Analoguous to multi-user mode with additional HTTP authentication - If the `userPreAuth` setting is `true` and the `userSessionEnforced` setting is `false`: - The Web server asserts HTTP authentication was successful - API authentication is skipped: tokens are issued upon login, but thereafter ignored - Feed icons are visible only to their owners + - Analogous to single-user mode In all cases, supplying invalid HTTP credentials will result in a 401 response.