feat: add specCompliance option, option to set case insensitive for bearerType #172
Signed-off-by: Aras Abbasi <aras.abbasi@googlemail.com>
@climba03003 I applied the requested change by @climba03003. I personally don't know why rfc6749 is case insensitive but rfc6750 is case sensitive. I feel a little bit "blind" now after reading multiple times in these RFCs. But I trust your assessment. ;)
Co-authored-by: KaKa <23028015+climba03003@users.noreply.github.com> Signed-off-by: Aras Abbasi <aras.abbasi@googlemail.com>
lgtm
Happy new year, lol
Could you please clarify where you think RFC6750 says the HTTP authentication scheme name should be treated case sensitively? I cannot find this stated. I know that people do often look at this section https://www.rfc-editor.org/rfc/rfc6750#section-2.1 where it says:
and assume this means case sensitive, however as per the document that defines this ABNF syntax, https://www.rfc-editor.org/rfc/rfc5234#section-2.3 (see screenshot below), this is defining "Bearer" to be case insensitive: The underlying spec that defines HTTP authentication (which is what RFC6750 builds upon), https://www.rfc-editor.org/rfc/rfc9110#name-authentication-scheme states: "It uses a case-insensitive token to identify the authentication scheme:"
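The scheme matching discussed in the comment above, as an added example that is not part of this PR or the project's code: the parser accepts the scheme case-insensitively by default and only requires the exact spelling `Bearer` when asked to. `parseBearer`, `authorize` and the `caseSensitiveScheme` flag are hypothetical names, and the header values are constructed.

```javascript
// Added example, not the plugin's implementation. All names are hypothetical.
// RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
// b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

function parseBearer(header, { caseSensitiveScheme = false } = {}) {
  if (typeof header !== 'string') return null;
  // Scheme, one or more spaces (1*SP), then the credentials.
  const m = /^([^ ]+) +(.*)$/.exec(header);
  if (m === null) return null;
  const [, scheme, token] = m;
  const schemeOk = caseSensitiveScheme
    ? scheme === 'Bearer'                 // strict spelling only
    : scheme.toLowerCase() === 'bearer';  // case-insensitive scheme token
  // Only the scheme is case-folded; the token is never normalised.
  return schemeOk && B64TOKEN.test(token) ? token : null;
}

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

function authorize(header, validTokens, opts) {
  const token = parseBearer(header, opts);
  if (token === null) return false;
  let ok = false;
  // Check every configured token so timing does not reveal which one matched.
  for (const t of validTokens) ok = constantTimeEqual(token, t) || ok;
  return ok;
}

// Constructed sample headers: which ones pass in each mode.
function acceptanceTable(headers, validTokens) {
  return headers.map((h) => ({
    header: h,
    insensitive: authorize(h, validTokens),
    strict: authorize(h, validTokens, { caseSensitiveScheme: true }),
  }));
}

const SAMPLE_HEADERS = ['Bearer s3cr3t', 'bearer s3cr3t', 'BEARER  s3cr3t',
  'Bearer S3CR3T', 'Basic s3cr3t', 'Bearer s3 cr3t'];
console.table(acceptanceTable(SAMPLE_HEADERS, ['s3cr3t']));
```
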
@jogu According to the issue linked from this PR and all the references inside.
Yeah, definitely. As I said in oauth-wg/oauth-v2-1#166 I hope this can be clarified in the upcoming 2.1 revision of the OAuth specification so that it's not such a big issue in the future.
Resolves #169
Checklist
`npm run test` and `npm run benchmark`
and the Code of conduct