Web session handling in Scoop

[jfastnacht]

I recently stumbled over a problem regarding the installation of Foundry Virtual Tabletop via Scoop. The download requires you to be logged in, but the download URL is fixed:

https://foundryvtt.com/releases/download?version=$version&platform=windows

Without too much effort it is possible to simulate a login via PowerShell, fetch the sessionid cookie, which is needed for the download. Since Scoop got a cookie attribute I was then able to install it by setting the sessionid cookie within the manifest by hand. Of course that's not a proper solution for the problem. What I'm missing is a possibility to simulate the login and provide the sessionid cookie for Scoops download function before the download happens within Scoop.

Is Scoop supposed to be stateless or can we add some functionality to run scripts before the download happens to take care of logins, more complex cookie handling and such (something like pre_download, similar to pre_install)?

[CEbbinghaus]

This would solve the problem I am having when trying to let scoop download artifacts from an organization repository

[rashil2000]

What is required to download from your org repo?

[CEbbinghaus]

I am still investigating ways to download the files. But ideally just a function to provide Headers/Cookies/QueryParamters would be ideal. Although it would be very hard to implement into the scoop ecosystem since it requires code logic which doesn't fit well with the JSON schema

[rashil2000]

Query parameters can be added to the URL itself, right?

You can provide Headers using the config file. See #4254 (comment) and #5140 (reply in thread) for example.

[CEbbinghaus]

That is based on users defining a configuration value within their own config. This is meant more as a program specific configuration that lets packages define a way that they should be authenticated against. We would have several varied ways to download artifacts and having to ask the user to add a definition for every one and update it for packages that change seems unrealistic when considering that this would need to work for over 2k people