Update authorisation header and extend www-auth with digest #9014
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hamishwillee
requested review from
teoli2003
and removed request for
a team
hamishwillee
commented
Sep 17, 2021
hamishwillee
commented
Sep 17, 2021
|
|
||
| ## Specifications | ||
|
|
||
| | Specification | Title | | ||
| | ---------------------------------------------------- | -------------------------------------- | | ||
| | {{RFC("7235", "Authorization", "4.2")}} | HTTP/1.1: Authentication | | ||
| | {{RFC("7617")}} | The 'Basic' HTTP Authentication Scheme | | ||
| | {{RFC("7616")}} | HTTP Digest Access Authentication | |
There was a problem hiding this comment.
Note, I have BCD item in progress to add these. Still under discussion. This is kind of "interim solution".
7 tasks
teoli2003
approved these changes
Sep 20, 2021
|
It doesn't sit well with me that this you still need to go to the spec to get detail. But it is still better than it was/more useful than over-promoting the basic authentication. So, merging. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is continued update or HTTP authorisation docs for #8682
This updates the
WWW-AuthenticateandAuthorizationheader docs with additional information. These headers are part of a framework, so the directives depend on the authentication method used. Prior to these updates the headers were written as though only theBasicauthentication existed.What I have tried to do is make this framework more obvious by including the directives and examples for both
BasicandDigestauthentication.Part of the way though though I realised that it is very difficult to do justice to the Digest authentication - yes I could capture the entire algorithm, but the spec is pretty dense. I don't think we want to go to the point where people think this replaces the spec. What I want to do is give an overview that gives a good flavour of how it works, but makes it pretty clear that you do need to go to the spec if you're going to do anything more than superficial.
In other words, I don't think this is perfect, but I think it is better. Thoughts?
This part is pretty much done for now. I am planning on updating the BCD mdn/browser-compat-data#12446 to give better links into the spec. That is actually likely to be the most valuable part of this effort :-0