💾 Archived View for rawtext.club › ~sloum › geminilist › 001513.gmi captured on 2020-10-31 at 02:20:03. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2020-09-24)
-=-=-=-=-=-=-
solderpunk solderpunk at SDF.ORG
Wed Jun 10 21:22:59 BST 2020
- - - - - - - - - - - - - - - - - - -
On Tue, Jun 09, 2020 at 08:58:04PM +0200, Petite Abeille wrote:
How is gemini meant to deal with authority's userinfo?
E.g.
gemini://username:password@mozz.us/
gemini://username@mozz.us/
Orthodox?
If so, how does the server communicate authentication failure back to the client?
Thoughts?
I have to admit I was not thrilled to see this come up, predictablyenough. But you're, of course, right, this is a defined part of the URIspec. And, in fact, because clients are already specced as sending aURL to the server, nothing needs to be done to make this valid. MostURL-parsing libraries will probably make it very easy for the server toextract the username and password. So, if servers want to make use ofthis information, I guess they can. They can even make use of statuses10 and 11 to let users setup usernames and passwords.
For this to "catch on", client authors would need to add some support tomake it easy to add this information to queries. I am not very keen toadd extra status codes to facilitate this. We already have status codesin there for an authentication system which has quite some strengthscompared to this (non-brute forcability, much reduced risk of accidentalpassword leakage through URL copying and pasting, etc.).
Cheers,Solderpunk