W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

opaque parameter in the Authorization request header

From: Evgeniy Khramtsov <xramtsov@gmail.com>
Date: Wed, 13 Aug 2008 18:57:41 +1000
Message-ID: <48A2A205.7080309@gmail.com>
To: ietf-http-wg@w3.org


I have a question regarding RFC 2617 (HTTP Authentication). Please, 
forgive me if it is not the right list for such questions.
In RFC 2617 para 3.2.2 it is saying that: "The values of the opaque and 
algorithm fields must be those supplied in the WWW-Authenticate response 
header for the entity being requested". Does it mean that "opaque" field 
is mandatory in the "Authorization" header in the case it was present in 
the "WWW-Authenticate" header?

Currently I'm a spectator of a situation when a client doesn't include 
an "opaque" field in the "Authorization" header and a server replies 
with 400 "Authorization should contain opaque". Actually, I don't know 
who is right: a client or a server?


Evgeniy Khramtsov, ProcessOne.
Received on Wednesday, 13 August 2008 08:58:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:37 UTC