What is not clear to me is how we can make use of the server's initial response in order to control which credential helper to call and how to transport the credentials.

Imagine we try to clone over HTTP. The initial request sent to the server may not contain an "Authorization: ..." header and the server responds with Unauthorized. But the server response contains hints like a "WWW-Authenticate: Basic realm=..." line or a "WWW-Authenticate: Bearer realm=..." line which help in choosing the authentication scheme used next. Maybe the server even responds with both lines, telling us "I would accept BASIC or BEARER".

I can imagine that we want libcurl to deal with those decisions. But even then, how do we make sure that our credential helpers can return either user/password or bearer tokens based on the server response?

If a credential helper had access to the server's response (or only relevant parts of it?) it could decide whether to feel responsible for that server or not and what data to return. And if credential helpers could optionally give metadata about the kind of credential they offer (e.g. "I return user/password" or "I return a bearer token") then core code could know where to transport this data, e.g. in an "Authorization: Basic ..." or an "Authorization: Bearer ..." field.

Ciao
Chris
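
A sketch of the flow this message asks about, added here as an example; it is not part of the original message and not Git's own code. The helper functions, the `kind` field, the host names and all credential values are hypothetical and constructed, and the parser assumes one challenge per WWW-Authenticate line, as in the message.

```python
import base64

def parse_challenges(header_values):
    """Map lower-cased scheme -> parameter text, one challenge per header line."""
    offered = {}
    for value in header_values:
        scheme, _, params = value.strip().partition(" ")
        if scheme:
            offered[scheme.lower()] = params.strip()
    return offered

# Hypothetical helpers: each sees the host and the offered schemes, and either
# declines (None) or returns a credential tagged with its kind.
def password_helper(host, offered):
    if "basic" in offered:
        return {"kind": "basic", "username": "alice", "password": "s3cret"}  # constructed
    return None

def token_helper(host, offered):
    if host == "git.example.com" and "bearer" in offered:
        return {"kind": "bearer", "token": "constructed-token-123"}  # constructed
    return None

def authorization_header(host, header_values, helpers):
    """Return the Authorization value for the first usable helper answer, or None."""
    offered = parse_challenges(header_values)
    for helper in helpers:
        cred = helper(host, offered)
        # Never send a secret under a scheme the server did not ask for.
        if cred is None or cred["kind"] not in offered:
            continue
        if cred["kind"] == "basic":
            if ":" in cred["username"]:
                continue  # a colon would shift the user/password boundary
            pair = f'{cred["username"]}:{cred["password"]}'.encode("utf-8")
            return "Basic " + base64.b64encode(pair).decode("ascii")
        if cred["kind"] == "bearer":
            token = cred["token"]
            if not token or any(c.isspace() for c in token):
                continue  # CR/LF or spaces would corrupt or inject headers
            return "Bearer " + token
    return None

if __name__ == "__main__":
    both = ['Basic realm="git"', 'Bearer realm="git"']  # constructed 401 response lines
    print(authorization_header("git.example.com", both, [token_helper, password_helper]))
    print(authorization_header("other.example.org", both, [token_helper, password_helper]))
```

The core code, not the helper, makes the final decision on which header field carries the secret, so a helper that answers with a kind the server never offered is skipped rather than trusted.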