Skip to content

Make r.m.authorization/parse-authorization public#14

Draft
devurandom wants to merge 1 commit intoring-clojure:masterfrom
devurandom:ds/expose-parse-credentials
Draft

Make r.m.authorization/parse-authorization public#14
devurandom wants to merge 1 commit intoring-clojure:masterfrom
devurandom:ds/expose-parse-credentials

Conversation

@devurandom
Copy link
Copy Markdown
Contributor

@devurandom devurandom commented Apr 10, 2026
edited
Loading

Make the existing ring.middleware.authorization/parse-authorization
function public and make it take the Authorization header value as
input.

According to RFC 7235 Section 2 and RFC 9110 Section 11, the value
credentials of the Authorization HTTP request header has the same
structure as each of the comma-separated challenges of the
WWW-Authenticate HTTP response header, which allows to reuse this
function also for parsing responses:

@devurandom devurandom force-pushed the ds/expose-parse-credentials branch 2 times, most recently from 798d410 to 15cab0c Compare April 10, 2026 16:53
@devurandom devurandom changed the title Provide parse-credentials function to parse Authorization or WWW-Authenticate headers Make r.m.authorization/parse-authorization public Apr 10, 2026
@devurandom devurandom force-pushed the ds/expose-parse-credentials branch 4 times, most recently from 458e35a to a76dd57 Compare April 10, 2026 17:42
@devurandom
Make r.m.authorization/parse-authorization public
e848e51 
Make the existing ring.middleware.authorization/parse-authorization
function public and make it take the Authorization header value as
input.

According to RFC 7235 Section 2 and RFC 9110 Section 11, the value
credentials of the Authorization HTTP request header has the same
structure as each of the comma-separated challenges of the
WWW-Authenticate HTTP response header, which allows to reuse this
function also for parsing responses:
  * https://datatracker.ietf.org/doc/html/rfc7235#section-2
  * https://datatracker.ietf.org/doc/html/rfc9110#section-11
@devurandom devurandom force-pushed the ds/expose-parse-credentials branch from a76dd57 to e848e51 Compare April 10, 2026 17:42
@devurandom devurandom marked this pull request as draft April 10, 2026 17:44
@weavejester
Copy link
Copy Markdown
Member

weavejester commented Apr 10, 2026

Is the purpose of making this function public to parse the www-authenticate response header? Could you expand on the use-case you expect for this function?

@devurandom
Copy link
Copy Markdown
Contributor Author

devurandom commented Apr 12, 2026

Is the purpose of making this function public to parse the www-authenticate response header? Could you expand on the use-case you expect for this function?

Yes, since challenge and credentials have the same ABNF in RFC 7235 and 9110, I would like to also use the function to parse www-authenticate.

My use case is implementing this flow: https://docs.docker.com/reference/api/registry/auth/
The registry server responds with something like Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:samalba/my-app:pull,push" and I want to parse this and request a token from the authentication server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@devurandom @weavejester