Auth-Info purpose consistency #49

Closed
hruellan opened this issue Feb 19, 2015 · 1 comment

Comments

@hruellan
Contributor

I think the purpose of the headers should be made more consistent across the document.
In the Introduction, they are used to "return additional information during or after authentication", while in 3, the Authentication-Info header is used to "communicate additional information regarding the successful authentication".

DIGEST uses it in an optional manner, to convey additional information after a successful authentication.
SCRAM is using it in a mandatory manner, to finalize the authentication, by conveying information for authenticating the server.

I think that Authentication-Info should be used by the server once the client is authenticated (i.e. the status code is not 401), to either convey additional information or finalize the authentication.

Proposal in #47.

@reschke
Contributor

reschke commented Mar 1, 2015

This change was applied in 849702e

reschke added a commit that referenced this issue Mar 1, 2015
@reschke reschke closed this as completed Mar 1, 2015
@reschke reschke added auth-info and removed 308bis labels Mar 1, 2015
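
The rule proposed in the issue, seen from the client side, as an added example that is not code from the thread or from the draft. The function names and the `MANDATORY_SCHEMES` set are assumptions made for illustration, and the header values in the demo are constructed.

```python
import re

# auth-param = token "=" ( token / quoted-string ), in a comma-separated list
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PARAM = re.compile(r'(' + TOKEN + r')\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')

# Assumption: schemes that are only complete once the server has sent
# Authentication-Info (the issue names SCRAM as the mandatory case).
MANDATORY_SCHEMES = {"scram-sha-1", "scram-sha-256"}

def parse_auth_info(value):
    """Parse an Authentication-Info field value into a dict of auth-params."""
    params, pos = {}, 0
    while pos < len(value):
        if value[pos] in ", \t":          # skip separators and empty list elements
            pos += 1
            continue
        m = PARAM.match(value, pos)
        if m is None:
            raise ValueError("malformed auth-param at offset %d" % pos)
        quoted, bare = m.group(2), m.group(3)
        # Undo quoted-pair escaping inside quoted-string values.
        params[m.group(1).lower()] = bare if quoted is None else re.sub(r"\\(.)", r"\1", quoted)
        pos = m.end()
    return params

def accept_auth_info(status, scheme, header):
    """Return the parsed parameters, or None when the header must not be trusted.

    status: response status code; scheme: scheme the client authenticated with;
    header: Authentication-Info field value, or None when the field is absent.
    """
    if status == 401:
        return None                       # client not authenticated: ignore the header
    if header is None:
        if scheme.lower() in MANDATORY_SCHEMES:
            # The server never proved itself, so the exchange is not finished.
            raise ValueError("Authentication-Info required to finalize " + scheme)
        return {}                         # optional use (Digest case): nothing to process
    return parse_auth_info(header)

if __name__ == "__main__":
    # Constructed sample values.
    print(accept_auth_info(200, "Digest", 'nextnonce="abc123", qop=auth, nc=00000001'))
    print(accept_auth_info(401, "Digest", 'nextnonce="abc123"'))
```
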