* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Ticket #321 (closed design: fixed)

Opened 3 years ago

Last modified 2 years ago

Repeating auth-params

Reported by: julian.reschke@gmx.de Owned by: draft-ietf-httpbis-p7-auth@tools.ietf.org
Priority: normal Milestone: 18
Component: p7-auth Severity: Active WG Document
Keywords: Cc:
Origin: https://www.ietf.org/mail-archive/web/oauth/current/msg07855.html

Description

We need to add a statement about what it means if a specific auth-param occurs more than once in a challenge; in particular for "realm" (ack James Manger)

Attachments

321.diff (1.6 KB) - added by julian.reschke@gmx.de 3 years ago.
Proposed patch

Change History

comment:1 Changed 3 years ago by julian.reschke@gmx.de

comment:2 Changed 3 years ago by mnot@pobox.com

There seems to be little interop. Can we engage Chrome and see what they think about changing?

Depending upon that, we can either

  1. say there's no interop explicitly
  2. specify that the first one is to be used

If we can get interop, it'd be nice to define this generically for parameters -- but that's a bigger ask...

comment:3 Changed 3 years ago by julian.reschke@gmx.de

I don't think it'll be easy to get interop for this, because:

a) in practice, it doesn't matter (nobody relies on it),

b) it's easy to break unintentionally (in FF, the behavior for C-d/filename changed twice over the last four releases due to other changes)

So I believe this is one of those where we should just state it's invalid.

comment:4 Changed 3 years ago by mnot@pobox.com

OK, why don't we:

  1. state that it's invalid
  2. add a note to the parameters micro syntax (#266) stating that each parameter should only occur once, and that there isn't interop when implementations receive multiple parameters with the same name

Changed 3 years ago by julian.reschke@gmx.de

Proposed patch

comment:5 Changed 3 years ago by julian.reschke@gmx.de

From [1473]:

State that auth param names are case-insensitive, and that each name must only occur once per challenge (see #321)

comment:6 Changed 3 years ago by julian.reschke@gmx.de

  • Status changed from new to closed
  • Resolution set to incorporated
  • Milestone changed from unassigned to 18

comment:7 Changed 2 years ago by mnot@pobox.com

  • Status changed from closed to reopened
  • Resolution incorporated deleted

comment:8 Changed 2 years ago by mnot@pobox.com

  • Status changed from reopened to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.