  1. Mesos
  2. MESOS-7053

Consider supporting multiple challenges for the WWW-Authenticate HTTP header.

    Description

      According to the RFC, duplicate HTTP headers are not allowed:
      https://tools.ietf.org/html/rfc7230#section-3.2.2

      However, multiple headers can be appended as a comma-separated list for one single header section. This is also true for multiple challenges in WWW-Authenticate with a 401 Unauthorized response:
      https://tools.ietf.org/html/rfc2617#section-4.6

      We should support the multiple-challenges case and figure out which one is the strongest auth-scheme that we should go with.

      A simple proposal might be selecting an auth-scheme by defining a priority, e.g.,
      1. Bearer
      2. Basic
      ...

      For sure, more discussion is needed.
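
The selection described above, as an added sketch that is not Mesos code and not part of the original issue: it splits one WWW-Authenticate value into challenges and picks a scheme by the priority order proposed in the description, so the order in which the server lists schemes does not decide the result. The names `PRIORITY`, `splitChallenges` and `selectChallenge` are hypothetical, and the parser assumes well-formed input.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>
// Scheme priority, strongest first, following the order proposed in the issue.
static const std::vector<std::string> PRIORITY = {"bearer", "basic"};

static std::string trim(const std::string& s) {
  auto b = s.find_first_not_of(" \t");
  auto e = s.find_last_not_of(" \t");
  return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}

// Commas separate both challenges and auth-params, so an item opens a new
// challenge only when it starts with a bare scheme token, not `name=value`.
std::vector<std::string> splitChallenges(const std::string& header) {
  std::vector<std::string> items, challenges;
  std::string cur;
  bool quoted = false;
  for (std::size_t i = 0; i < header.size(); ++i) {
    char c = header[i];
    if (quoted && c == '\\' && i + 1 < header.size()) { cur += c; cur += header[++i]; continue; }
    if (c == '"') quoted = !quoted;
    if (c == ',' && !quoted) { items.push_back(trim(cur)); cur.clear(); }
    else cur += c;
  }
  items.push_back(trim(cur));
  for (const std::string& item : items) {
    auto sp = item.find_first_of(" \t");
    std::string head = item.substr(0, sp);
    std::string rest = sp == std::string::npos ? "" : trim(item.substr(sp));
    bool isParam = head.find('=') != std::string::npos || (!rest.empty() && rest[0] == '=');
    if (isParam && !challenges.empty()) challenges.back() += ", " + item;
    else if (!isParam && !item.empty()) challenges.push_back(item);  // skip empty list elements
  }
  return challenges;
}

// Return the highest-priority challenge, or "" if no listed scheme is recognised.
std::string selectChallenge(const std::string& header) {
  std::vector<std::string> cs = splitChallenges(header);
  for (const std::string& want : PRIORITY)
    for (const std::string& c : cs) {
      std::string scheme = c.substr(0, c.find_first_of(" \t"));
      std::transform(scheme.begin(), scheme.end(), scheme.begin(), [](unsigned char ch) { return std::tolower(ch); });
      if (scheme == want) return c;
    }
  return "";
}
```

Returning an empty string for an unrecognised scheme lets the caller fail the request instead of falling back to whatever challenge happened to come first.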

          People

            Unassigned Unassigned
            gilbert Gilbert Song