Blank passwords result in different Auth headers

[ncase]

Some web services have RESTful APIs where you authenticate using your API key as your username and a blank password. I was using such a service, when I was stopped by this bug which only happens with blank passwords:

request.get(url).auth("username","",true);

will send a different Authentication header than

request.get(url, {
    auth: {
        user: "username",
        pass: "",
        sendImmediately: true
    }
});    

Even though these two should be functionally identical.

To demonstrate this bug, I used RequestBin to log my HTTP requests, and indeed, these two different methods result in different Authentication headers being sent. Please run the following code for yourself and see the results here.

var request = require('request');

var requestBin = "http://requestb.in/14iakdo1"; // Go to http://requestb.in to create a new bin
var username = "username";
var password = "";

// Authorization: Basic dXNlcm5hbWU6
request.get(requestBin).auth(username,password,true);

// Authorization: Basic dXNlcm5hbWU6dW5kZWZpbmVk
// This Auth header is WRONG.
request.get(requestBin, {
    auth: {
        user: username,
        pass: password,
        sendImmediately: true
    }
});

I'd just use the first method, but it means I can't have my extra options or callback.

Which is a bummer.

---

UPDATE: Changing auth.pass to auth.password sends the correct Auth header, somehow.

// Authorization: Basic dXNlcm5hbWU6
request.get(requestBin, {
    auth: {
        user: username,
        password: password,
        sendImmediately: true
    }
});

---

UPDATE 2: This might explain why there's an extra "dW5kZWZpbmVk" in the wrong Auth header: http://www.base64decode.org/dec/dW5kZWZpbmVk/