From a467115d599f8f59d91d6e1f0429279326166762 Mon Sep 17 00:00:00 2001 From: "J. King" Date: Mon, 18 Feb 2019 14:40:08 -0500 Subject: [PATCH] Document TTRSS authentication modes better The different modes can be likened to either multi-user or single-user mode in original --- docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md b/docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md index a8db4ce..8653969 100644 --- a/docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md +++ b/docs/en/030_Supported_Protocols/020_Tiny_Tiny_RSS.md @@ -61,25 +61,31 @@ Tiny Tiny RSS itself is unaware of HTTP authentication: if HTTP authentication i - Clients may optionally provide HTTP credentials - API authentication proceeds as normal - All feed icons are visible to unauthenticated clients + - Analogous to multi-user mode - If the `userHTTPAuthRequired` setting is `true`: - Clients must pass HTTP authentication - API authentication proceeds as normal - Feed icons are visible only to their owners + - Analoguous to multi-user mode with additional HTTP authentication - If the `userSessionEnforced` setting is `false`: - Clients may optionally provide HTTP credentials - If HTTP authentication succeeded API authentication is skipped: tokens are issued upon login, but ignored for HTTP-authenticated requests - All feed icons are visible to unauthenticated clients + - Analogous to single-user mode if using HTTP authentication, and to multi-user mode otherwise - If the `userHTTPAuthRequired` setting is `true` and the `userSessionEnforced` setting is `false`: - Clients must pass HTTP authentication - API authentication is skipped: tokens are issued upon login, but thereafter ignored - Feed icons are visible only to their owners + - Analogous to single-user mode - If the `userPreAuth` setting is `true`: - The Web server asserts HTTP authentication was successful - API authentication only checks that HTTP and API user names match - Feed icons are visible only to their owners + - Analoguous to multi-user mode with additional HTTP authentication - If the `userPreAuth` setting is `true` and the `userSessionEnforced` setting is `false`: - The Web server asserts HTTP authentication was successful - API authentication is skipped: tokens are issued upon login, but thereafter ignored - Feed icons are visible only to their owners + - Analogous to single-user mode In all cases, supplying invalid HTTP credentials will result in a 401 response.