I have a challenge. None of my users know their usernames. We use a module that allows them to use their email addresses to login. (And I know of no good way to change usernames and I'm not sure that's a safe path to go down, anyway.)
On the web side of things, I think I can easily overcome this. I'll read the response code via javascript, if it's 401, I'll send them to a webforms page to login, and then bounce them back to the javascript app to continue.
But if we build a mobile app, what are we to do? Browser cookies are useless at this point and we depend entirely on the digest method. Is there a good way to override some core dnn function related to digest authentication and allow emails to be used to lookup a username and login?
I suppose I could create an endpoint that's only available via a specific username and password that exposes a username corresponding to the email address, mask this call behind the login process that only prompts the end user for the email address and password. That could work well in an app scenario. Maybe I just answered my own question. Anyone else have a better suggestion?
As for prompting people in a Javascript app, any better alternatives to what I suggested?