BWS around auth-params equal sign is not parsed correctly #158

Closed
lieryan opened this Issue Sep 22, 2014 · 1 comment

Projects

None yet

2 participants

@lieryan
Contributor
lieryan commented Sep 22, 2014

The syntax for auth-param of an Authorization header according to RFC 7235 Section 2.1 is:

auth-param     = token BWS "=" BWS ( token / quoted-string )

and that recipient MUST parse for such bad whitespace and remove it before interpreting the protocol element.

However webob doesn't remove the BWS (bad whitespace) around the equal sign:

In [1]: parse_auth_params('a= "2", b=3 , c =4')
Out[1]: {'a': ' "2', 'b': '3 '}

Expected behavior:

In [2]: parse_auth_params('a= "2", b=3 , c =4')
Out[2]: {'a': '2', 'b': '3', 'c': '4'}
@bertjwregeer
Member

Thank you for the patch. It has been merged :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment