Hi All,

I am developing a REST API that supports two kinds of authentication protocols:

  1. Login form authentication - for browser-based clients.
  2. Simple Basic authentication - for non-browser clients.

I developed a flow in which unauthenticated requests are redirected to the "login form". The problem is that this is undesired behavior for non-browser clients!

I thought to solve it by deciding what to do according to the "User-Agent": browsers will be redirected to the "login form" and non-browser clients will get the standard 401: Basic Authentication.

A. What do you think about this solution?
B. Is there a standard way in Java to check if the request came from a browser, or do I need to develop this kind of mechanism on my own?

Thanks in advance!

+1  A: 

Since you have total control over the client, you have many other ways to do this without checking User-Agent:

  1. Use a different URL for client login. Our client doesn't get HTML back so we use a different endpoint.

  2. Pass a special parameter like client_version in the URL.

  3. If you insist on checking user-agent, use a special string so everything else is browser.

ZZ Coder
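
The first option in the answer above (a separate endpoint for non-browser clients), sketched as an added example that is not part of the original posts: requests under `/api/` get a `401` with a Basic challenge, everything else gets the login-form redirect, so the client-controlled `User-Agent` header plays no part in the decision. It uses the JDK's built-in `com.sun.net.httpserver`; the class name, paths, port and demo credentials are assumptions constructed for illustration.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class ChallengeByEndpoint {
    // Constructed demo credentials ("user:password"); a real service checks a user store.
    static final byte[] EXPECTED = "demo:demo-password".getBytes(StandardCharsets.UTF_8);

    // True only if the Authorization header carries the expected Basic credentials.
    static boolean basicAuthOk(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        try {
            byte[] got = Base64.getDecoder().decode(header.substring(6).trim());
            return MessageDigest.isEqual(got, EXPECTED); // constant-time comparison
        } catch (IllegalArgumentException e) { return false; } // malformed Base64
    }

    // Non-browser clients: /api/* answers 401 with a Basic challenge, never a redirect.
    static void handleApi(HttpExchange ex) throws IOException {
        if (basicAuthOk(ex.getRequestHeaders().getFirst("Authorization"))) { respond(ex, 200, "{\"status\":\"ok\"}"); return; }
        ex.getResponseHeaders().set("WWW-Authenticate", "Basic realm=\"api\", charset=\"UTF-8\"");
        respond(ex, 401, "");
    }

    // Browser clients: no session handling here, so every other path counts as unauthenticated.
    static void handleWeb(HttpExchange ex) throws IOException {
        if ("/login".equals(ex.getRequestURI().getPath())) { respond(ex, 200, "<form method=\"post\"></form>"); return; }
        ex.getResponseHeaders().set("Location", "/login");
        respond(ex, 302, "");
    }

    static void respond(HttpExchange ex, int status, String body) throws IOException {
        byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
        ex.sendResponseHeaders(status, bytes.length == 0 ? -1 : bytes.length); // -1 = no body
        if (bytes.length > 0) ex.getResponseBody().write(bytes);
        ex.close();
    }

    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0);
        server.createContext("/api/", ChallengeByEndpoint::handleApi); // longest prefix wins
        server.createContext("/", ChallengeByEndpoint::handleWeb);
        server.start();
    }
}
```

Basic credentials are only Base64-encoded, so the `/api/` endpoint belongs behind TLS in any real deployment.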