You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think the purpose of the headers should be made more consistent across the document.
In the Introduction, they are used to "return additional information during or after authentication", while in 3, the Authentication-Info header is used to "communicate additional information regarding the successful authentication".
DIGEST use it in an optional manner, to convey additional information after a successful authentication.
Scram is using it in a mandatory manner, to finalize the authentication, by conveying information for authenticating the server.
I think that Authentication-Info should be used by the server once the client is authenticated (i.e. the status code is not 401), to either convey additional information or finalize the authentication.
I think the purpose of the headers should be made more consistent across the document.
In the Introduction, they are used to "return additional information during or after authentication", while in 3, the Authentication-Info header is used to "communicate additional information regarding the successful authentication".
DIGEST use it in an optional manner, to convey additional information after a successful authentication.
Scram is using it in a mandatory manner, to finalize the authentication, by conveying information for authenticating the server.
I think that Authentication-Info should be used by the server once the client is authenticated (i.e. the status code is not 401), to either convey additional information or finalize the authentication.
Proposal in #47.
The text was updated successfully, but these errors were encountered: