Closed HomiGrotas closed 2 years ago
The Basic Auth specification clearly states that the username cannot contain a colon character. Reference: https://www.rfc-editor.org/rfc/rfc2617#section-2.
basic-credentials = base64-user-pass
base64-user-pass = <base64 [4] encoding of user-pass,
except not limited to 76 char/line>
user-pass = userid ":" password
userid = *<TEXT excluding ":">
password = *TEXT
With your change, you would be making it impossible to have colons in the password, which goes against the spec, which does allow colons in the password. There is really no way to make colons work for everybody, but if I have to choose, I prefer to allow them in the password, where they are much more likely to appear.
I didn't know that. Thanks for the detailed answer. How about mentioning it in the docs so other developers with the same problem won't have to bother searching for it?
I guess, but HTTP Authentication is full of conditions and rules. Should all of that be copied to this package's docs? I think the important lesson here is that when you are coding against a specification, RFC or similar, it is required that you check that you are within the boundaries of what's allowed.
When using mac address as a username, the result is: