自定义 HTTP 授权标头 [英] Custom HTTP Authorization Header

查看:41
本文介绍了自定义 HTTP 授权标头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想知道将自定义数据放在 HTTP 授权标头中是否可以接受.我们正在设计一个 RESTful API,我们可能需要一种方法来指定自定义授权方法.举个例子,我们称之为FIRE-TOKEN认证.

I was wondering if it's acceptable to put custom data in an HTTP authorization header. We're designing a RESTful API and we may need a way to specify a custom method of authorization. As an example, let's call it FIRE-TOKEN authentication.

根据规范,这样的事情是否有效并被允许:授权:FIRE-TOKEN 0PN5J17HBGZHT7JJ3X82:frJIUN8DYpKDtOLCwo//yllqDzg=

Would something like this be valid and allowed according to the spec: Authorization: FIRE-TOKEN 0PN5J17HBGZHT7JJ3X82:frJIUN8DYpKDtOLCwo//yllqDzg=

第二个字符串的第一部分(':'之前)是API密钥,第二部分是查询字符串的哈希值.

The first part of the second string (before the ':') is the API key, the second part is a hash of query string.

推荐答案

RFC2617 中定义的格式credentials = auth-scheme #auth-param.所以,同意fumanchu,我认为修正后的授权方案应该是这样的

The format defined in RFC2617 is credentials = auth-scheme #auth-param. So, in agreeing with fumanchu, I think the corrected authorization scheme would look like

Authorization: FIRE-TOKEN apikey="0PN5J17HBGZHT7JJ3X82", hash="frJIUN8DYpKDtOLCwo//yllqDzg="

其中 FIRE-TOKEN 是方案,两个键值对是身份验证参数.虽然我相信引号是可选的(来自 p7-auth-19 的附录 B)...

Where FIRE-TOKEN is the scheme and the two key-value pairs are the auth parameters. Though I believe the quotes are optional (from Apendix B of p7-auth-19)...

auth-param = token BWS "=" BWS ( token / quoted-string )

我相信这符合最新的标准,已经在使用中(见下文),并为简单的扩展提供了一个键值格式(如果你需要额外的参数).

I believe this fits the latest standards, is already in use (see below), and provides a key-value format for simple extension (if you need additional parameters).

可以在此处查看此 auth-param 语法的一些示例...

Some examples of this auth-param syntax can be seen here...

https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-p7-auth-19#section-4.4

https://developers.google.com/youtube/2.0/developers_guide_protocol_clientlogin

https://developers.google.com/accounts/docs/AuthSub#WorkingAuthSub

这篇关于自定义 HTTP 授权标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆