Chris

Reputation: 5654

HTTP/HTTPS basic authentication: colon in username

This may be a basic question, but is it possible to have a colon (":") in the username when using HTTP or HTTPS basic authentication? If not, is there a way we can escape the colon?

Upvotes: 35

Views: 12636

Answers (2)

chrobs

Reputation: 399

The RFC https://www.rfc-editor.org/rfc/rfc2617#section-2 states clearly that the username must not include a colon:

To receive authorization, the client sends the userid and password, separated by a single colon (":") character, within a base64 [7] encoded string in the credentials.

basic-credentials = base64-user-pass

base64-user-pass = <base64 [4] encoding of user-pass, except not limited to 76 char/line>

user-pass = userid ":" password

userid = *<TEXT excluding ":">

password = *TEXT

Based on this, there is no way to use a colon within the username.

Upvotes: 38

Jure C.

Reputation: 3080

Looking at the RFC - https://www.rfc-editor.org/rfc/rfc2617#section-2 and around the web, there doesn't seem to be an escaping technique for a colon in the username. The only extra place you can have it is in the password field.

If it is an option, maybe you can replace : with @ at the auth level and ask users to do this.

Upvotes: 17
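Added example, not part of either answer above: a minimal Python encoder and parser for the `user-pass = userid ":" password` grammar both answers cite. It shows why a colon works in the password but silently changes the identity when it appears in the userid. The function names are hypothetical, the UTF-8 charset is an assumption (RFC 2617 does not fix one), and the credentials are constructed samples.

```python
import base64
import binascii


class BasicAuthError(ValueError):
    """Raised when credentials cannot be encoded or decoded unambiguously."""


def encode_basic(userid: str, password: str) -> str:
    """Build the Authorization header value; refuse a userid containing ':'."""
    if ":" in userid:
        # The grammar has no escape, so the server could not recover this userid.
        raise BasicAuthError("userid must not contain ':'")
    user_pass = f"{userid}:{password}".encode("utf-8")  # charset is an assumption
    return "Basic " + base64.b64encode(user_pass).decode("ascii")


def decode_basic(header_value: str) -> tuple[str, str]:
    """Parse an Authorization header value into (userid, password)."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise BasicAuthError("not a Basic credential")
    try:
        user_pass = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise BasicAuthError("malformed base64-user-pass") from exc
    # Split on the FIRST colon only: userid excludes ':', password may contain it.
    userid, sep, password = user_pass.partition(":")
    if not sep:
        raise BasicAuthError("missing ':' separator")
    return userid, password


def naive_header(userid: str, password: str) -> str:
    """What a client that skips the userid check would send (comparison only)."""
    raw = f"{userid}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    # Colons in the password survive the round trip.
    print(decode_basic(encode_basic("alice", "p:ss:word")))
    # A colon in the userid is re-split: the server sees a different user.
    print(decode_basic(naive_header("corp:alice", "secret")))
```

Rejecting the colon when the account is created or renamed, as well as in the client, keeps a stored username from ever being one that the server-side split cannot reproduce.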
