errata logo graphic

RFC2617, "HTTP Authentication: Basic and Digest Access Authentication", June 1999

Source of RFC: http (app)

Errata ID: 1959

Status: Verified
Type: Technical

Reported By: Julian Reschke
Date Reported: 2009-12-10
Verifier Name: Alexey Melnikov
Date Verified: 2009-12-27

Section 1.2 p4 says:

       credentials = auth-scheme #auth-param

It should say:

       credentials = auth-scheme ( token | quoted-string | #auth-param )

Notes:

Alexey Melnikov (updated as per suggestion from Paul Leach):

auth-param doesn't allow for parameters with no '=', so Basic is non conformant to the generic syntax.

Multiple versions of token/quoted-string (with no attribute name) is not allowed, as none of the existing scheme not using auth-param supports that.

(Note that RFC 2617 is using BNF from RFC 2616, which allows for implied LWS.)


Report New Errata