Digest auth should implement stale=True #24

@kmanley

From https://www.ietf.org/rfc/rfc2617.txt

The Authorization header may be included
preemptively; doing so improves server efficiency and avoids extra
round trips for authentication challenges. The server may choose to
accept the old Authorization header information, even though the
nonce value included might not be fresh. Alternatively, the server
may return a 401 response with a new nonce value, causing the client
to retry the request; by specifying stale=TRUE with this response,
the server tells the client to retry with the new nonce, but without
prompting for a new username and password.

Currently CheckAuth just returns if it doesn't find the nonce in its cache. Would be nice to support stale=TRUE.

I will send a PR
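
The decision the quoted RFC text implies, as an added example (not code from this project; all names, the realm and the credentials are hypothetical and constructed). RFC 2617 says the server should set stale=TRUE only when the nonce is invalid but the digest is valid for that nonce, so the digest is checked before the nonce cache is consulted:

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"fmt"
	"strings"
)

// Outcome of checking one Authorization header (names are hypothetical).
const (
	Accept         = "200"
	ChallengeStale = "401 stale=true" // client retries silently with the new nonce
	Challenge      = "401"            // client must prompt for credentials again
)

// h is the MD5 hex digest that RFC 2617 Digest uses by default.
func h(s string) string { return fmt.Sprintf("%x", md5.Sum([]byte(s))) }

// expected recomputes the RFC 2617 qop=auth response from the client's fields.
func expected(p map[string]string, method, ha1 string) string {
	ha2 := h(method + ":" + p["uri"])
	return h(strings.Join([]string{ha1, p["nonce"], p["nc"], p["cnonce"], "auth", ha2}, ":"))
}

// decide sets stale only when the digest is valid for an unknown nonce,
// i.e. the client has already proved it knows the password.
func decide(p map[string]string, method, ha1 string, live map[string]bool) string {
	ok := subtle.ConstantTimeCompare([]byte(expected(p, method, ha1)), []byte(p["response"])) == 1
	switch {
	case !ok:
		return Challenge
	case !live[p["nonce"]]:
		return ChallengeStale
	}
	return Accept
}

// sample builds a constructed client request signed with the given password.
func sample(nonce, password string) (map[string]string, string) {
	ha1 := h("alice:example:" + password)
	p := map[string]string{"uri": "/", "nonce": nonce, "nc": "00000001", "cnonce": "c1"}
	p["response"] = expected(p, "GET", ha1)
	return p, h("alice:example:s3cret") // server-side HA1 for the real password
}

func main() {
	p, ha1 := sample("expired-nonce", "s3cret")
	fmt.Println(decide(p, "GET", ha1, map[string]bool{"fresh-nonce": true}))
}
```

A request with an unknown nonce and a wrong password gets a plain 401, so the stale flag never confirms anything to a client that has not authenticated.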
