basic HTTP authentication support
HTTP authentication is done with 3 things:
- a header clients are required to add
- a specific Unauthorized HTTP error (same as other HTTP standard errors so nothing really new)
- a header added in error response (supposed to only help client for basic authentication).
On the client side it is the basic authentication is really basic:
- you have a user id which is a string with no embedded colon (character ':') in it. It is not required by the standard but it makes sense too to require the string to not be empty.
- a password which can be any string
- a secret with user:password (concat user, ':' and password) is built
- this secret is encoded into UTF-8. This allows to use 8 bits per byte...
- the UTF-8 secret is encoded in base64 (noted base64 below)
- the header is between quotes "Authorization: Basic base64\r\n"
So with the server address and port (or URL) you have to optionally specify user id and password. In curl the argument -u or --user takes user:password. Note that the old idea to put the user id and password in the URL is now strongly not recommended.
You can check if there is a colon in the user id as some other tools do it.
if the user id is not empty you generate the header and add it.
You should check too that HTTP errors are correctly handled (Kea code is in 1304 ticket). Note it is 401 (not 1) and the JSON content is a map (not a list even from the control agent).
UPDATE: Let's scope it to being able to use Kea's basic http authentication. This is something that was requested by a customer that's testing kea 1.9.0 with basic auth. For details, see kea#1304 (closed)