Hi all,<div><br></div><div>I have implemented the HTTP basic authentication and HTTP digest authentication. I have used HTTP authentication hooks in PHP for implementing this. This implementation has a limitation - it runs only when PHP is running as an Apache module and is not available in the CGI version.</div>
<div><br></div><div>Implementing basic authentication was quite easy. It involves checking of the inbuilt variable $_SERVER['PHP_AUTH_USER'] and sending HTTP header <span class="Apple-style-span" style="font-family: 'Lucida Grande', Verdana, Arial, sans-serif; font-size: 12px; line-height: 12px; ">WWW-Authenticate: Basic realm="Mapbender REST". </span></div>
<div><span class="Apple-style-span" style="font-family: 'Lucida Grande', Verdana, Arial, sans-serif; font-size: 12px; line-height: 12px; "><br></span></div><div><span class="Apple-style-span" style="font-family: 'Lucida Grande', Verdana, Arial, sans-serif; font-size: 12px; line-height: 12px; ">Implementing digest authentication was a bit tedious. We need to send nonce using uniqid() function along with realm and WWW-Authenticate in the http header. And then followed the RFC 2069 scheme to calculate the hash and verify the client response. </span></div>
<div><span class="Apple-style-span" style="font-family: 'Lucida Grande', Verdana, Arial, sans-serif; font-size: 12px; line-height: 12px; "><br></span></div><div><span class="Apple-style-span" style="font-family: 'Lucida Grande', Verdana, Arial, sans-serif; font-size: 12px; line-height: 12px; ">This authentication implementation is modular and can be easily plugged in with any REST api call which will be implemented.</span></div>
<div><span class="Apple-style-span" style="font-family: 'Lucida Grande', Verdana, Arial, sans-serif; font-size: 12px; line-height: 12px; "><br></span></div><div><span class="Apple-style-span" style="font-family: 'Lucida Grande', Verdana, Arial, sans-serif; font-size: 12px; line-height: 12px; "><br>
</span></div><div><span class="Apple-style-span" style="font-family: 'Lucida Grande', Verdana, Arial, sans-serif; font-size: 12px; line-height: 12px; ">I also wrote a basic framework of REST API calls. This includes calss which will handle and process all REST API requests. Another class for sending REST response back to the clients. I am using standard HTTP response codes for sending response. I used this list for reference: </span><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html">http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html</a></div>
<div>I am saving the response codes in an ini file. This ini file will be parsed by the php to respond to REST requests. </div><div><br></div><div>With 3 basic module - Authentication, Class for handling REST requests and Class for sending back response to clients - I am all set to implement the REST API requests. I have started with mb_users. </div>
<div><br></div><div>Please comment on the progress. </div><div><br></div><div>Vikas</div>