Re: opaque parameter in the Authorization request header

On ons, 2008-08-13 at 18:57 +1000, Evgeniy Khramtsov wrote:

> Currently I'm a spectator of a situation when a client doesn't include 
> an "opaque" field in the "Authorization" header and a server replies 
> with 400 "Authorization should contain opaque". Actually, I don't know 
> who is right: a client or a server?

The way I read it the server is right.

The language isn't fully formal, but it does say should (3.2.1) and
required (3.3), which means a client not returning the opaque is clearly

And with opaque included in the earlier RFC2069 specifications with
nearly the same language there really is no excuse for not returning


Received on Wednesday, 13 August 2008 10:16:36 UTC