Re: Ambiguous case in WWW-Authenticate grammar?

On Sun, Apr 20, 2014 at 10:15:46PM -0400, Jesse Wilson wrote:

> section 2.1<https://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-2.1>),
> which says this:
> 
>    challenge   = auth-scheme [ 1*SP ( token68 / #auth-param ) ]
>    auth-param  = token BWS "=" BWS ( token / quoted-string )
>    token68     = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
> 
> Suppose I receive this response header:
> 
> WWW-Authenticate: Wink ABC=
> 
> Is ABC= a four character token68? Or is it a parameter named ABC whose
> value is the empty string?

AFAICT, it is token68.

Neither token nor quoted-string can expand into empty string. Nor can
those expand into string of '='.


-Ilari

Received on Monday, 21 April 2014 02:49:01 UTC