Actions
Feature #4701
closedMinor fix for HTTP-header Basic auth & added support for HTTP-header Bearer authentication
Effort:
low
Difficulty:
low
Label:
Beginner, Python
Description
This is an improvement to what Andreas Dolp did in issue #4362
The suggested fix in https://github.com/OISF/suricata-update/pull/274 works fine for HTTP basic authentication flow cases, however it does not account for base64 special characters: + /.
The suggested fix will also allow most OAuth2 tokens to work with HTTP bearer authentication, there is unfortunately no standard as to what a OAuth2 token must be and is therefore left to the implementation server-side. However, most tokens should fall in the space of printable ASCII characters.
For a better explanation to why this is the case, I refer to this stackoverflow thread: https://stackoverflow.com/questions/50031993/what-characters-are-allowed-in-an-oauth2-access-token
Updated by Jacob Roed about 3 years ago
Actions