I finally got some proper developer feedback from 2N, I'll just paste the reply here
So it seems that Z-Way needs to "simply" ask for basic authentication and we're done here (or implement Digest authentication as well).
Code: Select all
I have some conclusion for you. As you can see on image below, left side shows communication between 2N IP intercom and 2N IP intercom, so one is server and second is as client. When HTTP command is sent, server side tells client side which authentication methods will be used in header showing those methods, and client side choose the more secured one. When we take a look on right side of image it shows communication with your server, which however does not reply with header offering authentication methods. In such case IP intercom will choose to use more secured again. So as conclusion, if your server sends in header it wants to use basic method, IP intercom will use it. It is possible when web browser receives such reply from your server it will just try basic first so it works for you, however our devices are designed to use more secured way of communication if server does not properly responds. In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field of the form Authorization: Basic <credentials>", where credentials is the base64 encoding of id and password joined by a colon. It is specified in RFC 7617 from 2015, which obsoletes RFC 2617 from 1999. So we are using Basic according to this RFC and we are expecting to received header with authentication methods available. .
Can I request this as a feature update?
Thanks and best regards,