Project

General

Profile

Actions

Feature #4701

closed

Minor fix for HTTP-header Basic auth & added support for HTTP-header Bearer authentication

Added by Jacob Roed about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Low
Assignee:
Target version:
Effort:
low
Difficulty:
low
Label:
Beginner, Python

Description

This is an improvement to what Andreas Dolp did in issue #4362

The suggested fix in https://github.com/OISF/suricata-update/pull/274 works fine for HTTP basic authentication flow cases, however it does not account for base64 special characters: + /.

The suggested fix will also allow most OAuth2 tokens to work with HTTP bearer authentication, there is unfortunately no standard as to what a OAuth2 token must be and is therefore left to the implementation server-side. However, most tokens should fall in the space of printable ASCII characters.

For a better explanation to why this is the case, I refer to this stackoverflow thread: https://stackoverflow.com/questions/50031993/what-characters-are-allowed-in-an-oauth2-access-token

Actions #2

Updated by Jason Ish about 3 years ago

  • Target version changed from 1.3.0 to 1.2.3
Actions #3

Updated by Jason Ish about 3 years ago

  • Status changed from New to Closed
Actions

Also available in: Atom PDF