Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: curl doesn't handle multiple WWW-Authenticate challenges properly (Negotiate)

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 28 Jan 2020 17:40:21 +0100 (CET)

On Tue, 28 Jan 2020, Mischa Salle wrote:

> Just for information, I ran into the same problem when trying to add both
> Basic and Bearer Authorization headers for an OAuth2 request.

The same issue, really? You seem to be talking about *sending* two
www-authorization headers while Michel mentioned *receiving* more than one
authentication method in a single header.

> I actually there also had the problem that --oauth2-bearer actually
> doesn't work for https.

This then sounds like a third issue. How doesn't it work? This sounds like an
issue nobody has told us about.

> Specifying both a --user client_id:client_secret and a -H "Authorization:
> Bearer myfirstbearertoken" only sends the latter it seems.

curl will only send one Authorization: header, that is true. I've never seen
or been told a use case before where someone needed more than one. 

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2020-01-28