http Authorization标头中的有效字符是什么 [英] What are the valid characters in http Authorization header
问题描述
我在规范文档中找不到一个易于理解的答案。除了简单的答案,我很乐意获得对描述此规范的规范的引用。
I couldn't find an easy to understand answer in the specification document. Besides the simple answer I would be glad to get a reference to the specification describing this.
这个问题是对将其值设置为加密的SAML 2令牌时,授权标头为null 。
推荐答案
Authorization = "Authorization" ":" credentials
这个
规范采用[..] <$ c的定义$ c>凭证来自[RFC 2617]的
。
This
specification adopts the definitions of [..] "credentials"
from [RFC 2617].
credentials = auth-scheme #auth-param
auth-scheme = token
auth-param = token "=" ( token | quoted-string )
For Basic, the framework above is utilized as follows:
credentials = "Basic" basic-credentials
因此,在修复授权:
部分后,您可以使用:
So after the fixed Authorization:
part, you can use:
-
token
,后跟可选的=(token | quoted-string)
(参见 RFC 2616第16页)使用摘要或任何其他未指定的身份验证方案时,或 -
使用基本身份验证时的基本基本凭据
,其中basic-credentials
是 base64-根据RFC 2045编码。
token
, followed by an optional"=" (token | quoted-string)
(see page 16 of RFC 2616) when using Digest or any other unspecified authentication scheme, or"Basic" basic-credentials
when using Basic authentication, wherebasic-credentials
are base64-encoded according to RFC 2045.
我猜你实际上是在尝试提出另一个问题。您是否在实施特定授权机制方面遇到任何问题?你想用什么语言实现它,你现在有什么代码,问题是什么?
I guess though that you're actually trying to ask a different question. Do you have any trouble regarding implementing a specific authorization mechanism? In what language are you trying to implement that, what code do you currently have and what is the problem?
这篇关于http Authorization标头中的有效字符是什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!