Best IT Recipes

What are the valid characters in the HTTP authorization header

I could not find an easily understandable answer in the specification document. Besides the simple answer, I would be happy to receive a link to a specification describing this.

This question is a continuation of the authorization header in the zero value when setting its value to the encrypted SAML 2 token .

+6
Oct 22 '13 at 8:04 on
source share
3 answers

RFC 2616, 14.8 Authorization :

Authorization = "Authorization" ":" credentials

RFC 2616, 11 Access Authentication :

This specification accepts the definitions [..] of "credentials" from [RFC 2617].

RFC 2617, 1.2 1.2 Access Authentication Framework :

 credentials = auth-scheme #auth-param auth-scheme = token auth-param = token "=" ( token | quoted-string )

RFC 2617, 2 Basic Authentication Scheme

 For Basic, the framework above is utilized as follows: credentials = "Basic" basic-credentials

So, after the fixed part of Authorization: you can use:

I assume that you are actually trying to ask another question. Do you have problems implementing a specific authorization mechanism? What language are you trying to implement this in, what is your code and what is the problem?

+8
Oct 22 '13 at 8:13
source

Do not worry about precocious specifications and look here: http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-24.html##challenge.and.response

+2
Oct 23 '13 at 8:32
source

Valid characters in authorization token

The specifications are really hard to read, but as I understand it, the token can contain any of the following ASCII characters:

 Char Dec Col/Row Oct Hex Name and Description (!) 33 02/01 41 21 EXCLAMATION MARK (#) 35 02/03 43 23 NUMBER SIGN ($) 36 02/04 44 24 DOLLAR SIGN (%) 37 02/05 45 25 PERCENT SIGN (&) 38 02/06 46 26 AMPERSAND (') 39 02/07 47 27 APOSTROPHE (*) 42 02/10 52 2A ASTERISK (+) 43 02/11 53 2B PLUS SIGN (-) 45 02/13 55 2D HYPHEN, MINUS SIGN (.) 46 02/14 56 2E PERIOD, FULL STOP (0) 48 03/00 60 30 DIGIT ZERO (1) 49 03/01 61 31 DIGIT ONE (2) 50 03/02 62 32 DIGIT TWO (3) 51 03/03 63 33 DIGIT THREE (4) 52 03/04 64 34 DIGIT FOUR (5) 53 03/05 65 35 DIGIT FIVE (6) 54 03/06 66 36 DIGIT SIX (7) 55 03/07 67 37 DIGIT SEVEN (8) 56 03/08 70 38 DIGIT EIGHT (9) 57 03/09 71 39 DIGIT NINE (A) 65 04/01 101 41 CAPITAL LETTER A (B) 66 04/02 102 42 CAPITAL LETTER B (C) 67 04/03 103 43 CAPITAL LETTER C (D) 68 04/04 104 44 CAPITAL LETTER D (E) 69 04/05 105 45 CAPITAL LETTER E (F) 70 04/06 106 46 CAPITAL LETTER F (G) 71 04/07 107 47 CAPITAL LETTER G (H) 72 04/08 110 48 CAPITAL LETTER H (I) 73 04/09 111 49 CAPITAL LETTER I (J) 74 04/10 112 4A CAPITAL LETTER J (K) 75 04/11 113 4B CAPITAL LETTER K (L) 76 04/12 114 4C CAPITAL LETTER L (M) 77 04/13 115 4D CAPITAL LETTER M (N) 78 04/14 116 4E CAPITAL LETTER N (O) 79 04/15 117 4F CAPITAL LETTER O (P) 80 05/00 120 50 CAPITAL LETTER P (Q) 81 05/01 121 51 CAPITAL LETTER Q (R) 82 05/02 122 52 CAPITAL LETTER R (S) 83 05/03 123 53 CAPITAL LETTER S (T) 84 05/04 124 54 CAPITAL LETTER T (U) 85 05/05 125 55 CAPITAL LETTER U (V) 86 05/06 126 56 CAPITAL LETTER V (W) 87 05/07 127 57 CAPITAL LETTER W (X) 88 05/08 130 58 CAPITAL LETTER X (Y) 89 05/09 131 59 CAPITAL LETTER Y (Z) 90 05/10 132 5A CAPITAL LETTER Z (^) 94 05/14 136 5E CIRCUMFLEX ACCENT (_) 95 05/15 137 5F LOW LINE, UNDERLINE (') 96 06/00 140 60 GRAVE ACCENT (a) 97 06/01 141 61 SMALL LETTER a (b) 98 06/02 142 62 SMALL LETTER b (c) 99 06/03 143 63 SMALL LETTER c (d) 100 06/04 144 64 SMALL LETTER d (e) 101 06/05 145 65 SMALL LETTER e (f) 102 06/06 146 66 SMALL LETTER f (g) 103 06/07 147 67 SMALL LETTER g (h) 104 06/08 150 68 SMALL LETTER h (i) 105 06/09 151 69 SMALL LETTER i (j) 106 06/10 152 6A SMALL LETTER j (k) 107 06/11 153 6B SMALL LETTER k (l) 108 06/12 154 6C SMALL LETTER l (m) 109 06/13 155 6D SMALL LETTER m (n) 110 06/14 156 6E SMALL LETTER n (o) 111 06/15 157 6F SMALL LETTER o (p) 112 07/00 160 70 SMALL LETTER p (q) 113 07/01 161 71 SMALL LETTER q (r) 114 07/02 162 72 SMALL LETTER r (s) 115 07/03 163 73 SMALL LETTER s (t) 116 07/04 164 74 SMALL LETTER t (u) 117 07/05 165 75 SMALL LETTER u (v) 118 07/06 166 76 SMALL LETTER v (w) 119 07/07 167 77 SMALL LETTER w (x) 120 07/08 170 78 SMALL LETTER x (y) 121 07/09 171 79 SMALL LETTER y (z) 122 07/10 172 7A SMALL LETTER z (|) 124 07/12 174 7C VERTICAL LINE, VERTICAL BAR (~) 126 07/14 176 7E TILDE

The following may also be included, but they must be enclosed in quotation marks:

 Char Dec Col/Row Oct Hex Name and Description 9 00/09 11 09 HT (Ctrl-I) HORIZONTAL TAB 10 00/10 12 0A LF (Ctrl-J) LINE FEED 13 00/13 15 0D CR (Ctrl-M) CARRIAGE RETURN ( ) 32 02/00 40 20 SPACE (") 34 02/02 42 22 QUOTATION MARK (() 40 02/08 50 28 LEFT PARENTHESIS ()) 41 02/09 51 29 RIGHT PARENTHESIS (,) 44 02/12 54 2C COMMA (/) 47 02/15 57 2F SOLIDUS, SLASH (:) 58 03/10 72 3A COLON (;) 59 03/11 73 3B SEMICOLON (<) 60 03/12 74 3C LESS-THAN SIGN, LEFT ANGLE BRACKET (=) 61 03/13 75 3D EQUALS SIGN (>) 62 03/14 76 3E GREATER-THAN SIGN, RIGHT ANGLE BRACKET (?) 63 03/15 77 3F QUESTION MARK (@) 64 04/00 100 40 COMMERCIAL AT SIGN ([) 91 05/11 133 5B LEFT SQUARE BRACKET (\) 92 05/12 134 5C REVERSE SOLIDUS (BACKSLASH) (]) 93 05/13 135 5D RIGHT SQUARE BRACKET ({) 123 07/11 173 7B LEFT CURLY BRACKET, LEFT BRACE (}) 125 07/13 175 7D RIGHT CURLY BRACKET, RIGHT BRACE

Columns and formatting are taken from here .

Speculation

Here are the docs :

Many HTTP / 1.1 header field values ​​consist of words separated by LWS [carriage return, line feed, space, horizontal tab] or special characters. These special characters MUST be enclosed in quotation marks for use in a parameter value (as defined in section 3.6 ).

  token = 1*<any CHAR except CTLs or separators> separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT

Notes

  • Base64 and Base64Url are subsets of the above character set, so if in doubt, you can always encode your Authentication header with one of them.
  • Thanks to @CodeCaster for pointing me in the right direction.
0
May 20 '19 at 16:46
source


More articles:


All Articles