Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Password with a colon fails basic auth?

Tags:

java

I'm using basic auth. If my password contains a colon, I seem to get a failure to authenticate. Are colons not allowed in a password? How I'm authenticating:

DefaultHttpClient client = new DefaultHttpClient();
HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() {
    ...
};
client.addRequestInterceptor(preemptiveAuth, 0);
client.getCredentialsProvider().setCredentials(
  new AuthScope("example.com", 443),
  new UsernamePasswordCredentials("me", "password:test"));

Passwords without a colon always work. Passwords with a colon always fail. Do I have to escape the password somehow before handing it to the UsernamePasswordCredentials class constructor? I know basicauth uses the username/password separated by a colon, then base64 encoded, is that what the problem is here?

Thanks

---- Update ------

Thanks all, yes was a problem in the server I was communicating with!

like image 356
user291701 Avatar asked Oct 21 '10 18:10

user291701


1 Answers

It should work. RFC2617 is the RFC around HTTP authentication. The spec does not place any restriction on the characters used within a password, only on the username;

To receive authorization, the client sends the userid and password, separated by a single colon (":") character, within a base64 [7] encoded string in the credentials.

  basic-credentials = base64-user-pass
  base64-user-pass  = <base64 [4] encoding of user-pass,
                      except not limited to 76 char/line>
  user-pass   = userid ":" password
  userid      = *<TEXT excluding ":">
  password    = *TEXT
like image 72
blowdart Avatar answered Sep 20 '22 09:09

blowdart