I’ve sort of hijacked this GitHub issue: https://github.com/neos/flow-development-collection/issues/1944#issuecomment-613917896 asking about something that’s not directly related but still important.
Currently the PersistentUsernamePasswordProvider can handle HTTP Basic and the regular stuff via POST parameters sent from a login form. That’s fine in general but you can always have only one or the other.
Another problem is that if you use a WebRedirect, it also kicks in for requests that are using HTTP Basic Authentication, which is wrong since it should return Status 401 with Authorization required.
The use case I have for this (and have solved it via some hacky custom-implemented providers/tokens/EntryPoints) is the following:
I have developed an app that has a web interface where users log in regularly (https://thw-app.de). The app in general allows branches of THW to sign up (private beta currently) and manage their trucks, units, members/users, invite people to mandatory or non-mandatory events. So there’s a lot of different data in it.
I’ve now added CardDAV and CalDAV support using SabreDav and wanted to give people a way of just entering some URL of the application on their phone and using their regular username and password to log in so they don’t need additional credentials. That way they get all their data in their address book and calendar that they also see in the app.
IMO that’s a very valid use case to use the same credentials in two different ways but as far as I know there’s currently no way of doing that in Flow without implementing these things as custom classes.
Would be happy to discuss this and would also like to know if there are ideas on how to solve it.
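
The behaviour described in the post, as an added example in plain PHP (not part of the original post and not Flow's API): one credential extractor that accepts either an HTTP Basic header or login-form POST fields, and a challenge selector that answers Basic/DAV requests with 401 instead of a redirect. The `/dav/` prefix, the `/login` target, the form field names and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: CardDAV/CalDAV endpoints live under this hypothetical path prefix.
const DAV_PREFIX = '/dav/';

// Parse "Authorization: Basic <base64(user:pass)>" (RFC 7617); null if absent or malformed.
function parseBasicCredentials(?string $header): ?array
{
    if ($header === null || !preg_match('/^Basic\s+(\S+)$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict mode rejects non-base64 input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only: the password may itself contain colons.
    return explode(':', $decoded, 2);
}

// Take credentials from whichever channel the client used, so both can hit the same account store.
function extractCredentials(array $headers, array $post): ?array
{
    $basic = parseBasicCredentials($headers['Authorization'] ?? null);
    if ($basic !== null) {
        return $basic;
    }
    if (isset($post['username'], $post['password'])) {
        return [(string)$post['username'], (string)$post['password']];
    }
    return null;
}

// Unauthenticated request: DAV paths and anything that attempted Basic auth get a
// 401 challenge; everything else (browsers) gets the redirect to the login form.
function challengeFor(string $path, array $headers): array
{
    $usesBasic = isset($headers['Authorization'])
        || strncmp($path, DAV_PREFIX, strlen(DAV_PREFIX)) === 0;
    return $usesBasic
        ? ['status' => 401, 'headers' => ['WWW-Authenticate' => 'Basic realm="DAV", charset="UTF-8"']]
        : ['status' => 303, 'headers' => ['Location' => '/login']];
}

// Constructed sample requests.
var_dump(extractCredentials(['Authorization' => 'Basic ' . base64_encode('alice:pa:ss')], []));
var_dump(challengeFor('/dav/calendars/alice/', []));
var_dump(challengeFor('/events', []));
```

Header names are matched here with the exact key `Authorization`; a real request object normalises header case, and the extracted pair would then be checked against the single account store with a constant-time password hash verification.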