auth-param syntax

[mnot@…]

Credentials are defined in 2617 as

  credentials = auth-scheme #auth-param
  auth-param     = token "=" ( token | quoted-string )

however, Basic seems to be an exception:

  challenge   = "Basic" realm
  credentials = "Basic" basic-credentials
  basic-credentials = base64-user-pass

Note that it previously says:

For Basic, the framework above is utilized as follows

(weakly) implying that it's conformant to the framework.

Options:

1. Note this and say that Basic is grandfathered in; i.e., future schemes MUST NOT have bare arguments
2. Allow bare arguments in credentials (which would imply that ordering is significant)
3. Admit that new schemes can pretty much define their own syntax.

[julian.reschke@…]

See 2617 erratum: ​http://www.rfc-editor.org/errata_search.php?eid=1959

[julian.reschke@…]

From [998]:

Incorporate auth framework from RFC 2617; ack RFC 2617's authors, fix known auth-param erratum (see #195)(see #237)

[julian.reschke@…]

See James Manger's comments in <​http://www.w3.org/mid/255B9BB34FB7D647A506DC292726F6E11281958BA8@WSMSG3153V.srv.dir.telstra.com>

[mnot@…]

unsetting milestone until we have more discussion.

[julian.reschke@…]

proposed patch

[julian.reschke@…]

see [1394]