Description
The WWW-Authenticate header should always be returned in the response when a 401 occurs from missing AuthN/AuthZ headers. https://tools.ietf.org/html/rfc2617#section-3.2.1
This would allow web browsers to popup a login window to enter credentials and login.
To redirect the login request to the right place, we could either use WWW-Authenticate: digest with domain=<URI> (see above reference), or use the following parameter (experimental since 2017?):
Location-When-Unauthenticated Parameter
https://tools.ietf.org/html/rfc8053#section-4.3
For a user accessing a web service via his browser using the proxy URL, this would greatly help him log in without having to figure out how/where to log in on the requested instance (https://github.com/Ouranosinc/Magpie, some remote Keycloak service, local Twitcher token, etc.).
Side note: for a web browser request that needs to bypass this auto login window/popup feature, the X-Requested-With: XMLHttpRequest request header seems like a widespread method.
https://stackoverflow.com/questions/9859627
Side-side note (@fmigneault)
Noting this feature here before it falls between the cracks.
relates to Ouranosinc/Magpie#330
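The behaviour requested above, sketched as an added example (not code from this project or from Magpie): a WSGI middleware that attaches a Digest challenge with domain=<URI> to any 401 lacking WWW-Authenticate, and leaves the 401 bare for callers that send X-Requested-With: XMLHttpRequest. The realm, the login URI, the stand-in application and all function names are assumptions, and omitting the challenge for XHR callers is one possible reading of the side note.

```python
import secrets

# Assumed values for illustration; neither appears in the issue.
REALM = "proxy"
LOGIN_URI = "https://auth.example.org/signin"


def build_challenge(realm, login_uri):
    """Digest challenge carrying domain=<URI>, per RFC 2617 section 3.2.1."""
    nonce = secrets.token_hex(16)  # a real server must also track and expire nonces
    return f'Digest realm="{realm}", domain="{login_uri}", nonce="{nonce}", qop="auth"'


def is_xhr(environ):
    """True when the caller sent X-Requested-With: XMLHttpRequest."""
    return environ.get("HTTP_X_REQUESTED_WITH", "").lower() == "xmlhttprequest"


def challenge_on_401(app, realm=REALM, login_uri=LOGIN_URI):
    """WSGI middleware: add WWW-Authenticate to 401 responses that lack it."""
    def middleware(environ, start_response):
        def patched(status, headers, exc_info=None):
            present = any(name.lower() == "www-authenticate" for name, _ in headers)
            if status.startswith("401") and not present and not is_xhr(environ):
                challenge = build_challenge(realm, login_uri)
                headers = list(headers) + [("WWW-Authenticate", challenge)]
            return start_response(status, headers, exc_info)
        return app(environ, patched)
    return middleware


def denying_app(environ, start_response):
    """Constructed stand-in for a proxied service that rejects anonymous requests."""
    start_response("401 Unauthorized", [("Content-Type", "text/plain")])
    return [b"login required"]


def response_headers(app, environ):
    """Run one request through a WSGI app and return (status, headers as dict)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    b"".join(app(environ, start_response))
    return captured["status"], captured["headers"]
```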