You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some web services have RESTful APIs where you authenticate using your API key as your username and a blank password. I was using such a service, when I was stopped by this bug which only happens with blank passwords:
Even though these two should be functionally identical.
To demonstrate this bug, I used RequestBin to log my HTTP requests, and indeed, these two different methods result in different Authentication headers being sent. Please run the following code for yourself and see the results here.
var request = require('request');
var requestBin = "http://requestb.in/14iakdo1"; // Go to http://requestb.in to create a new bin
var username = "username";
var password = "";
// Authorization: Basic dXNlcm5hbWU6
request.get(requestBin).auth(username,password,true);
// Authorization: Basic dXNlcm5hbWU6dW5kZWZpbmVk
// This Auth header is WRONG.
request.get(requestBin, {
auth: {
user: username,
pass: password,
sendImmediately: true
}
});
I'd just use the first method, but it means I can't have my extra options or callback.
Which is a bummer.
UPDATE: Changing auth.pass to auth.password sends the correct Auth header, somehow.
Some web services have RESTful APIs where you authenticate using your API key as your username and a blank password. I was using such a service, when I was stopped by this bug which only happens with blank passwords:
will send a different Authentication header than
Even though these two should be functionally identical.
To demonstrate this bug, I used RequestBin to log my HTTP requests, and indeed, these two different methods result in different Authentication headers being sent. Please run the following code for yourself and see the results here.
I'd just use the first method, but it means I can't have my extra options or callback.
Which is a bummer.
UPDATE: Changing
auth.pass
toauth.password
sends the correct Auth header, somehow.UPDATE 2: This might explain why there's an extra "dW5kZWZpbmVk" in the wrong Auth header: http://www.base64decode.org/dec/dW5kZWZpbmVk/
The text was updated successfully, but these errors were encountered: