W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Ambiguous case in WWW-Authenticate grammar?

From: Jesse Wilson <jesse@swank.ca>
Date: Sun, 20 Apr 2014 22:15:46 -0400
Message-ID: <CAME=j1=J7xWaeFYQ1+OVon-vfaVK=2qe29pJUhtxTHYTB5Ubdg@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
I’m working on improving the Challenge/Credential API of
OkHttp<https://github.com/square/okhttp>and I’ve stumbled across a
curious case in the grammar. Specifically in auth
section 2.1<https://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-2.1>),
which says this:

   challenge   = auth-scheme [ 1*SP ( token68 / #auth-param ) ]
   auth-param  = token BWS "=" BWS ( token / quoted-string )
   token68     = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="

Suppose I receive this response header:

WWW-Authenticate: Wink ABC=

Is ABC= a four character token68? Or is it a parameter named ABC whose
value is the empty string?

My current plan is to defer interpreting the header until the application
layer requests it. But that approach is not particularly satisfying.

Thanks!
Received on Monday, 21 April 2014 02:16:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC