dicoogle icon indicating copy to clipboard operation
dicoogle copied to clipboard

Published 20 hours ago verified publisher icon bioinformatics-ua

Adjust user authentication for compliance to HTTP

Open Enet4 opened this issue 9 years ago • 1 comments

At the moment, consumers of our web services should provide an Authorization header on their request, containing nothing more but the Dicoogle session token. According to RFC2617, this header should actually contain credentials of the form below, for compliance:

credentials = auth-scheme #auth-param

Therefore, we should either use this header properly, keep this information in another header, or rely on other mechanisms for this purpose.

Enet4 avatar May 04 '16 14:05 Enet4

Let me refer to the RFC 7235 as it obsoletes and updates the RFC 2617.

Also, once we are discussing this matter, we should also address the JWT RFC 7519.

rlebre avatar Feb 10 '20 16:02 rlebre