W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Ambiguity parsing WWW-Authenticate value

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 09 Jul 2014 08:35:11 +0200
Message-ID: <53BCE29F.5040406@gmx.de>
To: cowwoc <cowwoc@bbs.darktech.org>, ietf-http-wg@w3.org
On 2014-07-09 06:32, cowwoc wrote:
> http://tools.ietf.org/html/rfc7235#section-4.1 contains the following
> example:
> WWW-Authenticate: Newauth realm="apps", type=1,
>                         title="Login to \"apps\"", Basic realm="simple"
> This is meant to represent two challenges.
> How is a parser supposed to differentiate between different challenges and
> the parameters belonging to the previous challenge? I can only assume that
> challenges are identified as a key without a value, whereas parameters must
> have a value. Is that correct?

A scheme name is followed by whitespace and a parameter (if any).

I wrote a regexp-based parser based on the ABNF and it works just fine, 
see <http://greenbytes.de/tech/tc/httpauth/>.

> If so, you might want to mention this explicitly in the specification
> because it's not immediately obvious.

Well, the specification was just published, so it's a bit late for 
editorial suggestions like this one...

Best regards, Julian
Received on Wednesday, 9 July 2014 06:35:43 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC