Suboptimal parsing of the authorization header

there's a fair amount of painful parsing code devoted to unpacking the key/value fields in the Authorize header. i have to believe i'm just unaware of an nginx built-in of some sort that will do this part for me. however the docs only led me to a string-level representation of the header.
