Add WWW-Authenticate response header on 401 #88

Merged
merged 1 commit into from
Aug 28, 2015


teohhanhui
Contributor

No description provided.

@slashfan
Contributor

Hi, would you care to elaborate?

@teohhanhui
Contributor Author

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.

@slashfan
Contributor

Ok, it's pretty interesting. But the 'Bearer' authorization header value prefix cannot be hardcoded as it is configurable on a per-firewall basis.

@teohhanhui
Contributor Author

Actually, as far as I can tell, the "Bearer" part is standard (it's the same even for OAuth 2). It's only what follows that might vary. But we don't necessarily have to provide that flexibility for now... (Perhaps another PR for further enhancement?)

@slashfan
Contributor

I think you're right. Let's merge that for the moment.

slashfan added a commit that referenced this pull request Aug 28, 2015
Add WWW-Authenticate response header on 401
@slashfan slashfan merged commit a0e2f0a into lexik:master Aug 28, 2015
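
The requirement quoted in the thread (a 401 must carry a `WWW-Authenticate` challenge) can be checked mechanically. The following is an added example, not code from this pull request or from the bundle: it builds a challenge with the fixed `Bearer` scheme and audits responses for a missing or malformed one. The function names are hypothetical, the `realm` and `error` parameters come from RFC 6750 rather than from the thread, and the parser assumes a single challenge made of `name=value` parameters.

```python
import re

# RFC 7230 "token" characters, used for the auth-scheme and parameter names.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PARAM = re.compile(
    r"\s*(" + _TOKEN + r')\s*=\s*(?:"((?:[^"\\]|\\.)*)"|(' + _TOKEN + r"))\s*(?:,|$)"
)

def bearer_challenge(realm=None, error=None):
    """Build a WWW-Authenticate value: fixed "Bearer" scheme, optional params."""
    parts = []
    for name, value in (("realm", realm), ("error", error)):
        if value is not None:
            escaped = value.replace("\\", "\\\\").replace('"', '\\"')
            parts.append(f'{name}="{escaped}"')
    return "Bearer" + (" " + ", ".join(parts) if parts else "")

def parse_challenge(value):
    """Split one challenge into (scheme, params); ValueError if malformed."""
    head = re.match(r"\s*(" + _TOKEN + r")(?:\s+(.*))?$", value)
    if not head:
        raise ValueError("missing auth-scheme")
    rest, params, pos = head.group(2) or "", {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"bad auth-param at offset {pos}")
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", raw)
        pos = m.end()
    return head.group(1), params

def audit_response(status, headers):
    """Return findings for one response; headers is a dict in any letter case."""
    if status != 401:
        return []
    value = {k.lower(): v for k, v in headers.items()}.get("www-authenticate", "")
    if not value.strip():
        return ["401 without WWW-Authenticate challenge"]
    try:
        parse_challenge(value)
    except ValueError as exc:
        return [f"malformed challenge: {exc}"]
    return []

# Constructed sample responses (status, headers), not captured traffic.
SAMPLES = [(401, {}), (401, {"WWW-Authenticate": bearer_challenge(realm="api")}),
           (401, {"www-authenticate": 'Bearer realm="unterminated'})]
FINDINGS = [audit_response(status, headers) for status, headers in SAMPLES]
```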