Not long ago I secured the external connection to Indigo server using Active Directory Federation Services + Web Application Proxy, that's a long name; anyway, I have no idea how exactly REST APIs communicate, if they're secure or not, but what I do know is that no cert = cleartext, plus Federation Services lets us use our existing accounts instead of Indigo's single account approach--for that, authentication had to be turned off, and shortly thereafter Indigo Touch wouldn't connect anymore unless an unencrypted passwordless (since it has been removed for Federation) port is punched through the firewall or using either Always-On or On-Demand IKEv2. That introduces new issues of its own though: Always-On IKEv2 truly is ALWAYS-ON, if it's switched off manually, all data transfer ceases, and it doesn't play nice with multicast traffic either--no Apple TV remote, Harmony is also slow because it's routed way longer. On-Demand IKEv2 doesn't always dial or bring up the tunnel quickly enough.
It gets crazier though, less than a month ago I found an Indigo client for Android--and it works! ...with some issues here and there and a sort of ugly UI, but it's customizable and it's Android; can't expect too much.
Details done, my question is, how does authentication work at the Indigo web server? Is it digest, is it cleartext, can it be Kerberized? Be used with form auth? Is it claims-aware? I'm sure there must be some way of always sending the same authentication data from the proxy while allowing users to authenticate with directory credentials. Federation has other perks, like Azure MFA (think a super-secure-huge-ass-Indigo Reflector), Okta, integration with Atlassian Confluence and like a million more we'd like to continue (or start) using. Our phones are our keys to home, more importantly, they are our garage door openers, so it's sort of crucial to have that functionality at a tap's distance and not to be fiddling with credentials input while driving.
When Indigo was first put behind ADFS not much was researched because there were a lot of things to do still. Now I have more time plus a Nintendo-playing-helper friend who can keep me awake, and if I have to learn REST and any of those technologies with acronyms I can only assume are based on irony, so be it, I just need a little starter...OAuth?
I hope emails don't go to junkmail this time. :/