David Ebbo
Reputation: 43203
Escaping username characters in basic auth URLs
When using http basic authentication, the username can be passed in the URL, e.g.
http://[email protected]/path/
But now suppose the username is an email address, e.g. [email protected]. Doing this is clearly ambiguous:
http://[email protected]@foo.com/path/
Is there a way to escape the @ character in the username? I tried standard URL encoding:
http://david%[email protected]/path/
But that didn't do it.
Upvotes: 69
Views: 62023
Answers (1)
sagi
Reputation: 5757
According to RFC 3986, section 3.2.1, it needs to be percent encoded:
userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
So it looks like
http://david%[email protected]/path/
Is right. Where are you trying to read it? Maybe you need to manually decode the value?
Upvotes: 95
Related Questions
- URL: Username with @
- HTTP URL - allowed characters in parameter names
- What are the exact semantics of the user name portion of an HTTP URL?
- Pass username and password in URL for HTTP Basic Auth
- Hide user and password in url when using http basic access authentication
- How do I use special characters (password) on the URL when dealing with HTTP authentication?
- HTTP/HTTPS basic authentication: colon in username
- Can Basic HTTP authentication use a default username?
- How do I have to escape ampersands in URLs when logging in with OpenID?
- Embedding User + Password data for HTTP Basic Access Authentication in Querystring