Hi Ján!
I'm using apache basic_auth on my webserver that runs Davical and caldavzap/mate.
While caldavzap doesn't seem to be negatively affected by basic_auth, unfortunately it doesn't take advantage of it either. In theory it could skip the login screen and jump right into the calendar. Instead one has to enter his credentials again.
no, basic auth is not related to "fast login" or anything similar. Basic auth = authentication where your username and password is send in the request header without encryption. Another authentication is the Digest auth which uses multiple request/responses and sends your password in hashed form.
Yes, I'm using Basic Auth over TLS:
apache config: [...] AuthType Basic AuthName "My secret area" [...]
You're right, it doesn't offer anything like "fast login" (the user still has to enter her password, just in a popup window presented by the browser).
What Basic Auth *does* offer is a simple way to achieve single-sign-on across wildly different web applications, as the browser will cache the credentials during its runtime.
"/auth/" shows that caldavzap correctly receives username/password from the webserver (even when not "logged in" in caldavzap).
No, the auth module cannot return the username/password if you are not logged in. You very probably entered your username + password into the browser authentication window and saved them. Then if you open the /auth/ URL your browser sends the username + password automatically.
Yes, precisely.
Is there a way to make caldavzap (and *mate) to skip the login-screen in such a setup?
It looks like you don't understand the reason why the auth module exists. The MAIN reason is to prevent the browser to show the auth popup if you enter invalid username/password into the login windows (because this problem is no solvable in pure JavaScript).
Yeah, the concept of the auth module is a bit fuzzy to me, and maybe it doesn't have anything to do with what I try to achieve (i.e., make caldavzap somehow acquire the credentials provided by the browser).
How I understand caldavzap is that it is running partially as PHP on the server and partially in the browser as JS. I don't have much experience with JS-based apps like this. Old-school web applications like PHP-based ones could easily be modified to make use of the PHP_AUTH_* variables so that they would skip their login-screen.
I'd like to do the same with caldavzap. As caldavzap seems to run primarily as JS in the browser, it obviously doesn't have access to the PHP_AUTH_* environment variables. I just wonder whether you might know a way to make this work regardless.
regards Dariush