Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
The rest API should support the following routs:
/signin : to pass user/password credentials and establish a session maintained via cookies
/signout : to invalidate the session
/whoami : to query what the principals associated with the logged in session.
Also if the "AuthPrompt:false" http header is included in the request, then an unauthorized response should not include the "WWW-Authenticate" header to avoid prompting the user via basic auth.