http Authorization标头中的有效字符是什么 [英] What are the valid characters in http Authorization header

问题描述

我在规范文档中找不到一个易于理解的答案。除了简单的答案，我很乐意获得对描述此规范的规范的引用。

I couldn't find an easy to understand answer in the specification document. Besides the simple answer I would be glad to get a reference to the specification describing this.

这个问题是对将其值设置为加密的SAML 2令牌时，授权标头为null 。

推荐答案

RFC 2616,14.8授权：

Authorization = "Authorization" ":" credentials

RFC 2616,11访问认证：

这个
规范采用[..] <$ c的定义$ c>凭证来自[RFC 2617]的
。

This specification adopts the definitions of [..] "credentials" from [RFC 2617].

RFC 2617,1.2 1.2访问认证框架：

credentials    = auth-scheme #auth-param
auth-scheme    = token
auth-param     = token "=" ( token | quoted-string )

RFC 2617,2基本认证方案

For Basic, the framework above is utilized as follows:

 credentials = "Basic" basic-credentials

因此，在修复授权：部分后，您可以使用：

So after the fixed Authorization: part, you can use:

• token ，后跟可选的=（token | quoted-string）（参见 RFC 2616第16页）使用摘要或任何其他未指定的身份验证方案时，或


• 使用基本身份验证时的基本基本凭据，其中 basic-credentials 是 base64-根据RFC 2045编码。

• token, followed by an optional "=" (token | quoted-string) (see page 16 of RFC 2616) when using Digest or any other unspecified authentication scheme, or
• "Basic" basic-credentials when using Basic authentication, where basic-credentials are base64-encoded according to RFC 2045.

我猜你实际上是在尝试提出另一个问题。您是否在实施特定授权机制方面遇到任何问题？你想用什么语言实现它，你现在有什么代码，问题是什么？

I guess though that you're actually trying to ask a different question. Do you have any trouble regarding implementing a specific authorization mechanism? In what language are you trying to implement that, what code do you currently have and what is the problem?

这篇关于http Authorization标头中的有效字符是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！