Related issues: #387 (closed)
Currently, authorization for video playback is mostly based on Basic Auth and alert banners in the video player. This leads to problems like in MaLo where users have to cancel the basic auth in order to access RWTH-SSO login. Furthermore, no helper text can be specified.
This merge request implements an authorization helper which allows users to select their authorization method before video playback. Furthermore, it stores login/password details no longer in the HTTP-Authorization header, but in an session entry. This allows users to switch between videos with different passwords without having to re-authenticate.
Points worth discussing:
- Is it okay to store login/password in the session? Others suggested to store specifically which videos/lectures were authorized. This is more complex, and login/passwords used for video playback should not be personal.