MrBackend
Reputation: 667
Basic Access Authentication: Encoding of ':' and non-ASCII code points
For the base64-user-pass value in the Authorization header, is there a standard/de facto way to base64-encode usernames and passwords which contain code points which don't fit into an OCTET, or usernames which contain a colon (which is explicitly prohibited by RFC 2617)?
Upvotes: 0
Views: 78
Answers (1)
Julian Reschke
Reputation: 42045
1) Yes, but only proposed and not implemented (AFAIK): https://greenbytes.de/tech/webdav/rfc7617.html#charset
2) No.
Upvotes: 1
Related Questions
- What encoding should I use for HTTP Basic Authentication?
- What are the valid characters in http Authorization header
- Why Base64 in Basic Authentication
- Non-latin HTTP Basic Authentication message encoding / NGINX
- Base 64 encoding in HTTP Basic Auth
- What are these extra bytes in the http basic header?
- Base64 Encoding Basic Authentication Header Apache HTTP Client
- Can't solve an issue with HTTP Basic Authentication - Illegal character in message header (resulting from an HMAC encoding)
- HTTP basic authentication fails using "Authorization: Basic ".base64_encode("$user:$pass")
- security for http headers