Design Proposal
- Allow the token to be included in either the query string (`?token=<TOKEN>`) or the request header (`X-TOKEN: <TOKEN>`).
- The token will take precedence over the standard authorization header. If the token authentication fails, the system will then fall back to using the authorization header for authentication.
- Each user will be assigned a unique token. The token will be refreshed every time the `dufs` service is restarted.
Why this feature is needed
- Some clients are unable to download protected resources due to their limitations in handling Basic/Digest authentication (See issues Add an authorization token after the link #462 and "After setting an account, download returns 401 in Android browser" #465).
- Solve the known compatibility problems associated with Basic/Digest authentication that can lead to unexpected errors (Refer to issue auth cannot remain in all path #510).
- The WebUI can store the token in local storage, enabling users to remain logged in even after restarting their browsers.
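
The resolution order the proposal describes (token first, authorization header as fallback, tokens regenerated on restart), as an added sketch that is not dufs code. `TokenStore`, `authenticate` and `header_user` are hypothetical names; checking `X-TOKEN` before `?token=` and reading `/dev/urandom` on a Unix-like host are assumptions the proposal does not specify.

```rust
use std::collections::HashMap;
use std::fs::File;
use std::io::Read;

/// Per-user tokens held in memory only, so a restart invalidates all of them.
pub struct TokenStore { by_user: HashMap<String, String> }

impl TokenStore {
    /// Assumption: Unix-like host; 32 bytes from /dev/urandom, hex-encoded.
    pub fn generate(users: &[&str]) -> std::io::Result<Self> {
        let mut rng = File::open("/dev/urandom")?;
        let mut by_user = HashMap::new();
        for user in users {
            let mut buf = [0u8; 32];
            rng.read_exact(&mut buf)?;
            let token: String = buf.iter().map(|b| format!("{:02x}", b)).collect();
            by_user.insert(user.to_string(), token);
        }
        Ok(TokenStore { by_user })
    }

    pub fn token_for(&self, user: &str) -> Option<&str> { self.by_user.get(user).map(String::as_str) }

    /// Checks every stored token with a constant-time compare, no early exit.
    fn user_for(&self, presented: &str) -> Option<String> {
        let p = presented.as_bytes();
        self.by_user.iter().fold(None, |found, (user, token)| {
            let diff = token.bytes().zip(p).fold(0u8, |acc, (x, y)| acc | (x ^ y));
            if token.len() == p.len() && diff == 0 { Some(user.clone()) } else { found }
        })
    }
}

/// Token first (assumption: X-TOKEN header before ?token=), then fall back to
/// `header_user`, a stand-in for the result of the existing Basic/Digest check.
pub fn authenticate(store: &TokenStore, query: &str, x_token: Option<&str>,
                    header_user: Option<&str>) -> Option<String> {
    let from_query = query.split('&').find_map(|kv| kv.strip_prefix("token="));
    x_token.or(from_query).and_then(|t| store.user_for(t))
        .or_else(|| header_user.map(str::to_string))
}

fn main() -> std::io::Result<()> {
    let store = TokenStore::generate(&["alice"])?; // constructed user name
    let q = format!("token={}", store.token_for("alice").unwrap());
    println!("{:?}", authenticate(&store, &q, None, None));
    Ok(())
}
```

A token sent as `?token=` is recorded in access logs, browser history and Referer headers, so the `X-TOKEN` header form is preferable wherever the client can set it.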