I'm looking for a best-practice about prompting the user for credentials. I have to code for the possibility that after the user logs in from the phone, he/she could login from another device or webpage and change the password. Since I'm doing BASIC auth, that token will now be incorrect and I need to handle it appropriately.
I've started a new project with AFNetworking. I have subclassed AFHTTPClient and I've overridden the HTTPRequestOperationWithRequest message to set a authentication challenge block on it after I make the call to super. In that block I should create a new NSURLCredential object and send it back to the sender. I get it so far.
What I don't get is how I'm supposed to prompt the user. Ideally I'd like to push a login screen on my nav controller with a login button. Clicking the login button would create the NSURLCredential and send it back to the sender.
- Should I somehow block inside the challenge block? That doesn't seem right.
- Should I save the NSURLAuthenticationChallenge object to a global? Eww.
- Should I push the login page from my subclassed AFHTTPClient? Sounds like I'm violating separation of concerns.
- Should I call my AppDelegate to prompt the user and pass the NSURLAuthenticationChallenge object to it? Sounds better, but still unsure.