Open barsnick opened 3 years ago
RFC 2617, in section 1.2, states:
A user agent that wishes to authenticate itself with an origin server--usually, but not necessarily, after receiving a 401 (Unauthorized)--MAY do so by including an Authorization header field with the request.
So I'm not reading from the spec that a 401 is mandatory. I've seen at least one case where sending the auth headers with the handshake (GET upgrade request) works. Appears to me that both ways of doing it are acceptable or at least implementation reality.
I myself am looking into an issue with http auth over websocket with cpprestsdk (using websocketpp under the hood) so I was wondering if and how this is handled.
I solved this problem like this: try appending an Authorization header to your connection
```cpp
// Create the connection, then add the header before it is opened
conn_ptr_tls = client_tls.get_connection(uri, ec);
conn_ptr_tls.get()->append_header("Authorization", "Basic *****");
```
Please include support for HTTP basic access authentication.
The protocol OCPP (Open Charge Point Protocol, by the Open Charge Alliance) uses websockets for the transport layer. In the protocol's amendment "Improved security for OCPP 1.6-J", use of basic auth according to RFC 2617 is required.
I cannot see how to easily add this around websocketpp. While one could add the "Authorization:" HTTP header, what needs to be done is to connect without this header, and then add it in response to a server status 401 with header "WWW-Authenticate:".
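The two pieces a client needs for the 401 flow described in this thread, as an added example that is not part of the issue or of websocketpp: building the RFC 2617 Basic credentials value, and checking whether a 401 response's `WWW-Authenticate` value offers Basic before retrying the handshake. The function names (`base64`, `basic_authorization`, `offers_basic`) are hypothetical, and only the first challenge in the header value is inspected.

```cpp
#include <cctype>
#include <string>

// Standard base64 with padding. This is an encoding, not encryption:
// the credentials are readable on the wire unless the transport is TLS (wss://).
std::string base64(const std::string& in) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    unsigned val = 0;
    int bits = -6;
    for (unsigned char c : in) {
        val = (val << 8) | c;
        bits += 8;
        while (bits >= 0) {
            out.push_back(tbl[(val >> bits) & 0x3F]);
            bits -= 6;
        }
    }
    if (bits > -6) out.push_back(tbl[((val << 8) >> (bits + 8)) & 0x3F]);
    while (out.size() % 4) out.push_back('=');
    return out;
}

// Value for the Authorization header, or "" if the inputs are rejected.
// RFC 2617 forbids ':' in the user-id; control characters (CR/LF included)
// are refused here so the value cannot smuggle extra header lines.
std::string basic_authorization(const std::string& user, const std::string& pass) {
    if (user.find(':') != std::string::npos) return "";
    for (unsigned char c : user + pass)
        if (std::iscntrl(c)) return "";
    return "Basic " + base64(user + ":" + pass);
}

// True when the handshake was answered with 401 and the (already trimmed)
// WWW-Authenticate value starts with the Basic scheme, matched
// case-insensitively. Only then should the client reconnect with the header.
bool offers_basic(int status, const std::string& www_authenticate) {
    if (status != 401) return false;
    std::string scheme = www_authenticate.substr(0, www_authenticate.find(' '));
    for (char& c : scheme)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return scheme == "basic";
}
```

With websocketpp, the string returned by `basic_authorization` is what would be passed to `append_header("Authorization", ...)` on the second connection attempt.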