[Webkit-unassigned] [Bug 213177] New: [GTK][WPE] Add API to allow applications to handle the HTTP authentication credential storage
bugzilla-daemon at webkit.org
Sun Jun 14 03:40:48 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=213177
Bug ID: 213177
Summary: [GTK][WPE] Add API to allow applications to handle the
HTTP authentication credential storage
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: Gtk
Severity: Normal
Priority: P2
Component: WebKitGTK
Assignee: webkit-unassigned at lists.webkit.org
Reporter: cgarcia at igalia.com
CC: bugs-noreply at webkitgtk.org, mcatanzaro at gnome.org
We depend on libsecret to handle credential persistent storage automatically, but apps might want to use their own storage. I think we could do something like this:
1. Add webkit_authentication_request_set_use_custom_credential_storage (or similar name) to let the request know that saving credentials is allowed but will be handled by user.
2. Add webkit_authentication_request_set_proposed_credential to set the credentials read by application from persistent storage (for apps that want to show the dialog; others prefer to just authenticate without showing the dialog prefilled).
3. When using custom credential storage the user keeps a ref of the request but returns FALSE from authenticate signal to let WebKit handle the dialog (or just TRUE to authenticate with storage credentials)
4. We add a new CredentialPersistence type CredentialPersistenceHandledByUser to let the network process know and avoid storing the credentials using libsecret.
5. On authentication success the request emits WebKitAuthenticationRequest::authenticated signal with the accepted credentials
With this approach the authentication request would still have the proposed credential read from persistent storage by libsecret. Apps might decide to always ignore the proposed credentials when using custom storage. Another alternative would be to add a setting to the WebContext to globally disable the persistent storage using libsecret, then we wouldn't need the webkit_authentication_request_set_use_custom_credential_storage().
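The flow proposed in steps 1 to 5 above, as an added example that is not part of the original report and not WebKit code: a self-contained C model showing that with custom storage the default (libsecret) path is skipped and the application's store is written only after the server accepts the credential. All type and function names are hypothetical stand-ins, the credentials are constructed samples, and the model assumes a request without custom storage persists through libsecret on success.

```c
/* Toy model of the proposed flow. Every name here is a hypothetical stand-in,
 * not WebKitGTK API; credential values are constructed samples. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { PERSIST_PERMANENT, PERSIST_HANDLED_BY_USER } Persistence;
typedef struct { char user[32]; char pass[32]; } Credential;
typedef struct { Credential saved; int writes; } AppStore;
typedef void (*AuthenticatedFn)(const Credential *accepted, AppStore *store);

typedef struct {
    bool custom_storage;              /* step 1: app handles persistence */
    Credential proposed;              /* step 2: read from the app's store */
    AuthenticatedFn on_authenticated; /* step 5: "authenticated" handler */
    AppStore *store;
} AuthRequest;

static int libsecret_writes;          /* stands in for the default storage */

/* Step 4: what the network process is told about persistence. */
Persistence effective_persistence(const AuthRequest *r) {
    return r->custom_storage ? PERSIST_HANDLED_BY_USER : PERSIST_PERMANENT;
}

/* App-side handler: persist only credentials the server accepted. */
void app_save(const Credential *accepted, AppStore *store) {
    store->saved = *accepted;
    store->writes++;
}

/* Server verdict on the submitted credential, then storage and signal. */
bool complete_auth(AuthRequest *r, const Credential *sent, const char *server_pass) {
    if (strcmp(sent->pass, server_pass) != 0)
        return false;                 /* rejected: nothing stored, no signal */
    if (effective_persistence(r) == PERSIST_PERMANENT)
        libsecret_writes++;           /* default path only */
    if (r->on_authenticated)
        r->on_authenticated(sent, r->store);
    return true;
}

int main(void) {
    AppStore store = {0};
    AuthRequest req = { true, { "alice", "stale" }, app_save, &store };
    Credential typed = { "alice", "s3cret" };
    printf("proposed accepted: %d\n", complete_auth(&req, &req.proposed, "s3cret"));
    printf("typed accepted: %d\n", complete_auth(&req, &typed, "s3cret"));
    printf("app writes=%d libsecret writes=%d\n", store.writes, libsecret_writes);
    return 0;
}
```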