How to handle authInfo data for INFO command (GET request)?

[mwullink]

A domain of contact info request and domain transfer may need to include a authInfoType element in the std xml request.

how do we send this to the server, using request payload in the message body for a GET request is not defined and recommended.

options are:

• put the entire request msg json/xml into a http header
• use a http header to contain the authInfoType info. this is not pretty but it should work for any format
• use the POST method but the semantics of this method are incorrect (create object)

Until the HTTP QUERY method is standardized, we may have no option other than using a header.

rfc9110 states one should not use messagebody for GET request as the result is undefined. see: https://www.rfc-editor.org/rfc/rfc9110#section-9.3.1-6

this is the xml syntax for authInfoType:

<complexType name="authInfoType">
    <choice>
      <element name="pw" type="eppcom:pwAuthInfoType"/>
      <element name="ext" type="eppcom:extAuthInfoType"/>
    </choice>
   </complexType>

[mwullink]

In the case where authInfoType is required for a info request, the client should use the POST method and include the epp request incl the authInfoType in the mesage body

[mwullink]

client can use the REPP-authInfo header for a sinple token and use GET method

if complex token (incl roid) must be used then the client must use a complete request message and the POST method