I'm looking for some examples, tips, advice, some general sense of direction for implementing (or finding an implementation of) an aspect-oriented HTTP authentication library.
For a little groundwork, we've built an iOS library that establishes various forms of authentication for HTTP services, asking for user credentials via web forms or native modal windows, depending on the mechanism in use. But once the credentials are validated, the library hands them off and basically wipes its hands of any responsibility for ensuring the freshness of the session, timeouts, etc.
I'm interested in finding examples, or some guidance in implementing more of a continuous network authentication gateway between our app and the backend services. In a sense, the app does some initial configuration for this auth library and from that point on, any NSURLConnections or UIWebView requests will be transparently intercepted and pass through this auth library ... The library receives these requests, determines whether an existing and valid auth session satisfies the requirements or whether to present a login via webform or native modal for one or more of these pending requests ... and then once satisfied, it funnels the resulting response back to the initial requestor.
The important thing is that none of the subsequent network requests want or need to know any special details about the authentication mechanism in use, whether it's cookies, Basic Auth headers, OAuth tokens, etc ... any of those details are handled by the auth library as it mutates the outbound requests and snoops the inbound responses.
I'm pretty sure that if we implemented an NSURLProtocol, we could redirect connections through this library, but am I correct in understanding that this would require the URLs to have a custom scheme? (i.e. myauthlib-https://) ... This seems to break the requirement that subsequent connections don't need to know anything special about any of the auth implementation. Ideally, any GET, POST, PUT, DELETE, PATCH requests for http:// and https:// would automatically and transparently pass through this outbound/inbound auth ...
We could try some method swizzling on NSURLConnection to redirect it through our auth library, but this seems rather fragile. I was also considering implementing something based on AOP-for-Objective-C.
Would it be more advisable to try to programmatically implement an HTTP proxy?
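
An added example, not part of the original post and not the poster's library: an NSURLProtocol subclass can claim ordinary http:// and https:// requests through `+canInitWithRequest:`, so no custom scheme is needed. `AuthGatewayProtocol`, `AuthSessionStore` and `kHandledKey` are hypothetical names, and the in-memory store stands in for the real session logic; the header is attached only over https and only for the host it was stored for.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical names throughout; nothing here comes from the original post.
static NSString *const kHandledKey = @"AuthGatewayHandled";

@interface AuthSessionStore : NSObject  // in-memory stand-in for the real session logic
+ (NSString *)headerForHost:(NSString *)host;                   // nil when no valid session
+ (void)setHeader:(NSString *)header forHost:(NSString *)host;  // nil header invalidates
@end
@implementation AuthSessionStore
static NSMutableDictionary *sHeaders;
+ (void)initialize { if (self == [AuthSessionStore class]) sHeaders = [NSMutableDictionary new]; }
+ (NSString *)headerForHost:(NSString *)host { @synchronized (sHeaders) { return host ? sHeaders[host] : nil; } }
+ (void)setHeader:(NSString *)header forHost:(NSString *)host {
    if (!host) return;
    @synchronized (sHeaders) { if (header) sHeaders[host] = header; else [sHeaders removeObjectForKey:host]; }
}
@end

@interface AuthGatewayProtocol : NSURLProtocol <NSURLConnectionDataDelegate>
@property (nonatomic, strong) NSURLConnection *connection;
@end
@implementation AuthGatewayProtocol
+ (BOOL)canInitWithRequest:(NSURLRequest *)request {
    NSString *scheme = request.URL.scheme.lowercaseString;
    BOOL web = [scheme isEqualToString:@"http"] || [scheme isEqualToString:@"https"];
    // Requests this class re-issued carry the marker; skipping them prevents endless self-interception.
    return web && [NSURLProtocol propertyForKey:kHandledKey inRequest:request] == nil;
}
+ (NSURLRequest *)canonicalRequestForRequest:(NSURLRequest *)request { return request; }
- (void)startLoading {
    NSMutableURLRequest *outbound = [self.request mutableCopy];
    [NSURLProtocol setProperty:@YES forKey:kHandledKey inRequest:outbound];
    // Never attach credentials to cleartext http, and only use the header stored for this exact host.
    BOOL tls = [outbound.URL.scheme.lowercaseString isEqualToString:@"https"];
    NSString *header = tls ? [AuthSessionStore headerForHost:outbound.URL.host] : nil;
    if (header) [outbound setValue:header forHTTPHeaderField:@"Authorization"];
    self.connection = [NSURLConnection connectionWithRequest:outbound delegate:self];
}
- (void)stopLoading { [self.connection cancel]; self.connection = nil; }
- (void)connection:(NSURLConnection *)c didReceiveResponse:(NSURLResponse *)response {
    NSHTTPURLResponse *http = (NSHTTPURLResponse *)response;
    if ([http isKindOfClass:[NSHTTPURLResponse class]] && http.statusCode == 401)
        [AuthSessionStore setHeader:nil forHost:response.URL.host];  // stale session: force re-login
    [self.client URLProtocol:self didReceiveResponse:response cacheStoragePolicy:NSURLCacheStorageNotAllowed];
}
- (void)connection:(NSURLConnection *)c didReceiveData:(NSData *)data { [self.client URLProtocol:self didLoadData:data]; }
- (void)connectionDidFinishLoading:(NSURLConnection *)c { [self.client URLProtocolDidFinishLoading:self]; }
- (void)connection:(NSURLConnection *)c didFailWithError:(NSError *)error { [self.client URLProtocol:self didFailWithError:error]; }
@end
```

Register the class once at startup with `[NSURLProtocol registerClass:[AuthGatewayProtocol class]]`. An NSURLSession created from its own configuration only sees the class if it is also listed in that configuration's `protocolClasses`.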