Labs/Joey/HttpAuth


== Draft / For discussion only. ==



In order to support RSS readers, the joey server needs to provide HttpAuth as a means to authenticate the user. Currently, the joey server only provides a redirect to a login page. This scheme works great for a browser, but most RSS reader applications do not work like this.

So, the behavior should be as such:

1) If a "browser" accesses the site without being authenticated, it should continue to be redirected to the user/login page. This allows for the best user experience.

2) If a non-browser accesses the site without authentication, we should not redirect the user to user/login, but instead respond with the appropriate HTTP status code (401 Unauthorized, with the right WWW-Authenticate header set).

3) There will continue to be some pages on the site that do not require authentication.


The term "browser" here is defined as any web browser that follows redirects, understands HTML, etc. We may need to have a function that checks the UserAgent for known browser types.

The term "non-browser" here is defined as something that fails the UA check mentioned above.
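
A sketch of the decision logic in rules 1 to 3, added here as an example and not taken from the joey code base. The Basic scheme, the realm name, the public path list, the UA prefixes and the sample account are all assumptions. Because the User-Agent header is supplied by the client, the UA check only chooses between the redirect and the 401 challenge; it never grants access.

```python
import base64
import hmac

# Assumptions for illustration (not from the joey code base):
PUBLIC_PATHS = {"/", "/user/login"}           # rule 3: pages needing no auth
BROWSER_PREFIXES = ("Mozilla/", "Opera/")     # crude known-browser UA check
REALM = "joey"
USERS = {"alice": "constructed-password"}     # constructed sample account


def is_browser(user_agent):
    """UA check: selects the response style only, never grants access."""
    return bool(user_agent) and user_agent.startswith(BROWSER_PREFIXES)


def basic_auth_ok(authorization):
    """Validate an 'Authorization: Basic <base64(user:pass)>' header."""
    scheme, _, blob = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:            # covers bad base64 and bad UTF-8
        return False
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user)
    # Constant-time compare; unknown users still go through a comparison.
    same = hmac.compare_digest(password.encode(), (expected or "\0").encode())
    return bool(sep) and expected is not None and same


def respond(path, user_agent=None, authorization=None, session_user=None):
    """Return (status, headers) for one request, following rules 1 to 3."""
    if path in PUBLIC_PATHS:                              # rule 3
        return 200, {}
    if session_user or basic_auth_ok(authorization):      # already authenticated
        return 200, {}
    if is_browser(user_agent):                            # rule 1
        return 302, {"Location": "/user/login"}
    # rule 2: non-browser (or missing UA) gets a challenge, not a redirect
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
```
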


Also, the j2client and the Firefox add-on may want to use HttpAuth to possibly reduce network bandwidth. This should be investigated.