Opaque field ignored

[samizdatco]

the opaque field is not used when generating challenges, nor is it validated when included in an authentication request. is this a significant omission? the spec makes it seem as though it only exists as a convenience to stash state in, but i could believe some software out there depends upon it...

[erikdubbelboer]

See https://github.com/samizdatco/nginx-http-auth-digest/blob/bd1c86a8c838bfd63de67c896e2e36ae1070cdb3/bugs.txt#L22-L25