Digest access authentication: 401 response messages with WWW-Authenticate
Opened this issue · 1 comments
naturallymitchell commented
naturallymitchell commented
if
request not signed
and method not GET OR POST
and path is /profile/new
then
header {
status=401
www-authenticate= Signature algorithm=ed25519,headers="(request-target) host date digest content-length",signature
}
end
request needs to add
Authorization:
Signature keyId=[profile-uuid],algorithm="ed25519",
headers="(request-target) host date digest content-length",
signature="Base64(ed25519(signing string))"
https://tools.ietf.org/html/draft-cavage-http-signatures-10#section-3.1.1
https://tools.ietf.org/html/rfc2617#section-3.2.1