Escaping username characters in basic auth URLs

When using HTTP basic authentication, the username can be passed in the URL, e.g.

http://[email protected]/path/ 

But now suppose the username is an email address, e.g. [email protected]. Doing this is clearly ambiguous:

http://[email protected]@foo.com/path/ 

Is there a way to escape the @ character in the username? I tried standard URL encoding:

http://david%[email protected]/path/ 

But that didn't do it.

David Ebbo asked Jul 16 '11 15:07

1 Answer

According to RFC 3986, section 3.2.1, it needs to be percent encoded:

  userinfo    = *( unreserved / pct-encoded / sub-delims / ":" ) 

So it looks like

http://david%[email protected]/path/ 

is right. Where are you trying to read it? Maybe you need to manually decode the value?

sagi answered Oct 27 '22 14:10
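The encoding rule and the manual-decode step discussed above, as an added example that is not part of the original question or answer. The function names are hypothetical, the `david@example.com` address and the password are constructed sample values, and `foo.com` is the host from the question.

```python
import base64
from urllib.parse import quote, unquote, urlsplit


def build_basic_auth_url(scheme, host, path, username, password=None):
    """Assemble a URL whose userinfo is percent-encoded per RFC 3986, 3.2.1."""
    # safe="" makes quote() encode "@", ":" and "/" too, so the only literal
    # "@" left in the authority is the userinfo/host separator.
    userinfo = quote(username, safe="")
    if password is not None:
        userinfo += ":" + quote(password, safe="")
    return f"{scheme}://{userinfo}@{host}{path}"


def split_credentials(url):
    """Return (host, username, password) with the userinfo percent-decoded."""
    parts = urlsplit(url)
    # urlsplit() hands back userinfo still percent-encoded ("david%40..."),
    # so the consumer has to decode it before using it as a credential.
    user = unquote(parts.username) if parts.username is not None else None
    pw = unquote(parts.password) if parts.password is not None else None
    return parts.hostname, user, pw


def basic_auth_header(username, password):
    """Build the Authorization header value from the decoded credentials."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    # Constructed sample credentials containing "@" and ":".
    url = build_basic_auth_url("http", "foo.com", "/path/",
                               "david@example.com", "p@ss:word")
    print(url)
    print("raw username from parser:", urlsplit(url).username)
    host, user, pw = split_credentials(url)
    print("host:", host, "decoded user:", user)
    print("Authorization:", basic_auth_header(user, pw))
```

Checking the parsed host against the one you intended to contact is a cheap way to catch a URL where an unencoded `@` moved the userinfo/host boundary.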