  1. Mesos
  2. MESOS-7053

Consider supporting multiple challenges for the WWW-Authenticate HTTP header.


    Details

      Description

      According to the RFC, duplicate HTTP headers are not allowed:
      https://tools.ietf.org/html/rfc7230#section-3.2.2

      However, multiple headers can be appended as a comma-separated list in one single header section. This is also true for multiple challenges in WWW-Authenticate with a 401 Unauthorized response:
      https://tools.ietf.org/html/rfc2617#section-4.6

      We should support the multiple-challenges case and figure out which one is the strongest auth-scheme that we should go with.

      A simple proposal might be selecting an auth-scheme by defining a priority, e.g.,
      1. Bearer
      2. Basic
      ...

      For sure, more discussion is needed.

            People

            • Assignee:
              Unassigned
              Reporter:
              gilbert Gilbert Song
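
A sketch of what the ticket proposes, added here as an illustration and not taken from the Mesos code base: split a single WWW-Authenticate value into its challenges, then pick one by a client-side priority list. The names `Challenge`, `parseChallenges`, `selectChallenge` and `kSample` are hypothetical, and the Bearer-before-Basic order is only the ticket's tentative suggestion.

```cpp
#include <cctype>
#include <string>
#include <vector>

struct Challenge { std::string scheme; std::vector<std::string> params; };
static std::string trim(const std::string& s) {
  size_t b = s.find_first_not_of(" \t"), e = s.find_last_not_of(" \t");
  return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}

// Commas separate both challenges and auth-params, so an element opens a new
// challenge only when its leading token is not followed by '='.
std::vector<Challenge> parseChallenges(const std::string& header) {
  std::vector<std::string> elems(1);
  bool quoted = false;
  for (size_t i = 0; i < header.size(); ++i) {  // split on unquoted commas
    char c = header[i];
    if (c == ',' && !quoted) { elems.emplace_back(); continue; }
    if (c == '"') quoted = !quoted;
    elems.back() += c;
    if (c == '\\' && quoted && i + 1 < header.size()) elems.back() += header[++i];
  }
  std::vector<Challenge> out;
  for (const std::string& raw : elems) {
    std::string e = trim(raw);
    if (e.empty()) continue;  // the list syntax tolerates empty elements
    size_t end = e.find_first_of(" \t=");
    size_t next = end == std::string::npos ? end : e.find_first_not_of(" \t", end);
    bool param = next != std::string::npos && e[next] == '=';
    if (param && !out.empty()) out.back().params.push_back(e);
    if (param) continue;  // a parameter never starts a challenge
    Challenge ch;
    ch.scheme = e.substr(0, end);
    for (char& c : ch.scheme) c = std::tolower(static_cast<unsigned char>(c));
    if (end != std::string::npos) ch.params.push_back(trim(e.substr(end)));
    out.push_back(ch);
  }
  return out;
}

// First offered challenge in `priority` order (strongest first), else nullptr.
const Challenge* selectChallenge(const std::vector<Challenge>& offered,
                                 const std::vector<std::string>& priority) {
  for (const std::string& want : priority)
    for (const Challenge& ch : offered) if (ch.scheme == want) return &ch;
  return nullptr;
}

// Constructed sample header value; the host name is a placeholder.
const std::string kSample = R"(Basic realm="registry, internal", )"
    R"(Bearer realm="https://auth.example.test/token",service="registry")";
```

Because the choice is driven by the client's own list, a server that lists Basic first still gets Bearer when both are offered, and a response offering only unknown schemes yields no selection instead of a fallback.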