Look at "Authorization: Basic d2lraTpwZWRpYQ==": it is just two tokens,
but the content is decoded and returned in the ns_set as user and
password. Here is an example of the digest authorization header:
    Authorization: Digest username="Mufasa",
        realm="testre...@host.com",
        nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
        uri="/dir/index.html",
        qop=auth,
        nc=00000001,
        cnonce="0a4f113b",
        response="6629fae49393a05397450978507c4ef1",
        opaque="5ccc069c403ebaf9f0171e9517f40e41"
The ns_set will contain the fields named in plaintext.
Here is another example, from AWS:
    Authorization: AWS4-HMAC-SHA256
        Credential="AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request",
        SignedHeaders=host;range;x-amz-date,Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024
One can get in this case the values directly from the incoming set
(this always works):
    # Fetch the raw Authorization header (empty string when absent)
    set auth_header [ns_set iget [ns_conn headers] Authorization ""]
    # Split into the auth method and the remaining field value
    if {[regexp {^(\S+)\s+(.*)$} $auth_header . AuthMethod value]} {
        set dict [ns_parsefieldvalue $value]
    }
    # {Credential AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request}
    # {SignedHeaders host range {} x-amz-date {}}
    # {Signature fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024}
This is not much code. Actually, in the provided examples from Amazon,
the "Credential" token is not quoted, but according to
https://tools.ietf.org/html/rfc7230#section-3.2.6, the token field value
containing a "/" must be quoted. Oh, well.
In another example of an HTTP-HMAC
(https://docs.acquia.com/personalization/api/hmacv2/), the values are
nicely quoted and therefore also parse-able via ns_parsefieldvalue:
    Authorization: acquia-http-hmac
        realm="AcquiaLiftWeb",id="Ra9YgrsKAcXDLMexg44N",nonce="d1954337-5319-4821-8427-115542e08d10",version="2.0",signature="R6y7kWkBnUdcSNXMxh4Vib6wSSHYKY4srCA1d4unW78="
In the "Bearer" case this is different, but much simpler, and not
further structured:
    Authorization: Bearer AbCdEf123456
We could consider decoding the provided token on the fly, ... but then
we would get binary values in the set. It is more convenient to work with the
b64 value and decode when needed.
all the best
-g
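
The scheme-then-parameters split discussed in this message, as an added Python example (not NaviServer code and not part of the original post): it keeps Basic/Bearer blobs undecoded, parses Digest-style parameter lists, and reports unquoted values such as Amazon's `Credential` that are not valid RFC 7230 tokens. The names `parse_authorization`, `decode_basic` and the `notes` list are assumptions of this sketch.

```python
import base64
import re

TCHAR = r"!#$%&'*+\-.^_`|~0-9A-Za-z"              # RFC 7230 token characters
TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*\Z")  # opaque blob (Basic, Bearer)
# One auth-param: name = "quoted-string" or a bare run up to the next comma.
PARAM = re.compile(r'\s*([' + TCHAR + r']+)\s*=\s*'
                   r'(?:"((?:[^"\\]|\\.)*)"|([^,\s]*))\s*(?:,|\Z)')
BARE_OK = re.compile('[' + TCHAR + r']*\Z')


def parse_authorization(header_value):
    """Return (scheme, credentials, notes).

    credentials is the undecoded token68 string for blob schemes, or a dict
    of auth-params. notes names bare values that are not RFC 7230 tokens.
    """
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError("expected '<scheme> <credentials>'")
    scheme, rest = parts
    if TOKEN68.match(rest):
        return scheme, rest, []          # keep base64 as-is, decode when needed
    params, notes, pos = {}, [], 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name, quoted, bare = m.groups()
        if name.lower() in (k.lower() for k in params):
            raise ValueError(f"duplicate auth-param {name!r}")
        if quoted is not None:
            params[name] = re.sub(r"\\(.)", r"\1", quoted)  # undo quoted-pair
        else:
            params[name] = bare
            if not BARE_OK.match(bare):
                notes.append(name)       # e.g. unquoted '/' or ';' in the value
        pos = m.end()
    return scheme, params, notes


def decode_basic(token68):
    """Decode Basic credentials on demand into (user, password)."""
    raw = base64.b64decode(token68, validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("Basic credentials lack ':' separator")
    return user, password
```

Rejecting duplicate parameter names avoids two components of a stack disagreeing on which copy of a value was signed or checked.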