Gilbert Song created MESOS-7053:
-----------------------------------

             Summary: Support multiple challenges WWW-Authenticate http header.
                 Key: MESOS-7053
                 URL: https://issues.apache.org/jira/browse/MESOS-7053
             Project: Mesos
          Issue Type: Bug
          Components: libprocess
            Reporter: Gilbert Song


According to RFC, duplicate http headers are not allowed:
https://tools.ietf.org/html/rfc7230#section-3.2.2

However, multiple headers can be appended as a comma separated list for one 
single header section. This is also true for multiple challenges in 
Www-Authenticate with a 401 Unauthorized response:
https://tools.ietf.org/html/rfc2617#section-4.6

We should support the multiple challenges case and figure out which one is the 
strongest auth-scheme that we should go with.

A simple proposal might be selecting an auth-scheme by defining a priority, 
e.g.,
1. Bearer
2. Basic
...

For sure, more discussion is needed.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
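
The priority-based selection proposed in the issue, sketched as an added example (not Mesos or libprocess code). `Challenge`, `parseChallenges` and `selectChallenge` are hypothetical names, the header value is constructed, and the Bearer-before-Basic order is the one the issue suggests. The parser has to tell a comma that separates challenges from one that separates auth-params or sits inside a quoted realm.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

struct Challenge { std::string scheme, params; };  // scheme stored lowercase
static std::string trim(const std::string& s) {
  const size_t b = s.find_first_not_of(" \t");
  return b == std::string::npos ? "" : s.substr(b, s.find_last_not_of(" \t") - b + 1);
}
// A comma outside a quoted-string ends a list element. "name=value" elements
// are auth-params of the current challenge; any other element starts a new one.
std::vector<Challenge> parseChallenges(const std::string& header) {
  std::vector<Challenge> out;
  std::string cur; bool quoted = false;
  for (size_t i = 0; i <= header.size(); ++i) {
    const char c = i < header.size() ? header[i] : ',';  // virtual comma flushes the tail
    if (quoted && c == '\\' && i + 1 < header.size()) { cur += c; cur += header[++i]; continue; }
    if (c == '"') quoted = !quoted;
    if (c != ',' || (quoted && i < header.size())) { cur += c; continue; }
    const std::string el = trim(cur);
    cur.clear();
    if (el.empty()) continue;  // empty list elements are permitted and ignored
    const size_t tok = el.find_first_of(" \t=");
    const size_t next = el.find_first_not_of(" \t", tok);
    const bool isParam = next != std::string::npos && el[next] == '=';
    if (isParam && !out.empty()) out.back().params += (out.back().params.empty() ? "" : ", ") + el;
    if (isParam) continue;  // a param with no preceding scheme is dropped
    std::string scheme = el.substr(0, tok);
    for (char& ch : scheme) ch = std::tolower(static_cast<unsigned char>(ch));
    out.push_back({scheme, tok == std::string::npos ? "" : trim(el.substr(tok))});
  }
  return out;
}

// First scheme in `priority` (strongest first, lowercase) that was offered, else nullptr.
const Challenge* selectChallenge(const std::vector<Challenge>& offered,
                                 const std::vector<std::string>& priority) {
  for (const std::string& want : priority)
    for (const Challenge& c : offered)
      if (c.scheme == want) return &c;
  return nullptr;
}

int main() {  // constructed header value, not taken from a real server
  const auto cs = parseChallenges("Basic realm=\"dev, staging\", Bearer realm=\"r\",service=\"s\"");
  const Challenge* best = selectChallenge(cs, {"bearer", "basic"});
  std::cout << (best ? best->scheme + " " + best->params : "no supported scheme") << "\n";
}
```

Schemes missing from the priority list are never selected, so a response offering only unknown schemes yields `nullptr` instead of a silent fallback to a weaker one.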
