mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2024-12-22 21:22:40 +00:00
Document TTRSS authentication modes better
The different modes can be likened to either multi-user or single-user mode in original
This commit is contained in:
parent
5885e14566
commit
a467115d59
1 changed files with 6 additions and 0 deletions
|
@ -61,25 +61,31 @@ Tiny Tiny RSS itself is unaware of HTTP authentication: if HTTP authentication i
|
|||
- Clients may optionally provide HTTP credentials
|
||||
- API authentication proceeds as normal
|
||||
- All feed icons are visible to unauthenticated clients
|
||||
- Analogous to multi-user mode
|
||||
- If the `userHTTPAuthRequired` setting is `true`:
|
||||
- Clients must pass HTTP authentication
|
||||
- API authentication proceeds as normal
|
||||
- Feed icons are visible only to their owners
|
||||
- Analoguous to multi-user mode with additional HTTP authentication
|
||||
- If the `userSessionEnforced` setting is `false`:
|
||||
- Clients may optionally provide HTTP credentials
|
||||
- If HTTP authentication succeeded API authentication is skipped: tokens are issued upon login, but ignored for HTTP-authenticated requests
|
||||
- All feed icons are visible to unauthenticated clients
|
||||
- Analogous to single-user mode if using HTTP authentication, and to multi-user mode otherwise
|
||||
- If the `userHTTPAuthRequired` setting is `true` and the `userSessionEnforced` setting is `false`:
|
||||
- Clients must pass HTTP authentication
|
||||
- API authentication is skipped: tokens are issued upon login, but thereafter ignored
|
||||
- Feed icons are visible only to their owners
|
||||
- Analogous to single-user mode
|
||||
- If the `userPreAuth` setting is `true`:
|
||||
- The Web server asserts HTTP authentication was successful
|
||||
- API authentication only checks that HTTP and API user names match
|
||||
- Feed icons are visible only to their owners
|
||||
- Analoguous to multi-user mode with additional HTTP authentication
|
||||
- If the `userPreAuth` setting is `true` and the `userSessionEnforced` setting is `false`:
|
||||
- The Web server asserts HTTP authentication was successful
|
||||
- API authentication is skipped: tokens are issued upon login, but thereafter ignored
|
||||
- Feed icons are visible only to their owners
|
||||
- Analogous to single-user mode
|
||||
|
||||
In all cases, supplying invalid HTTP credentials will result in a 401 response.
|
||||
|
|
Loading…
Reference in a new issue