![]() This last example tells the client that it should authenticate to the server using a Signature (along with the expected parameters). The server should have sent this string instead : WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length" Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length" I wrote that it is indeed an Authorization header because the header received starts with the string "Authorization:", instead of "WWW-Authenticate:". world-check world-check-one authentication error-401 For instance, we use a gateway that handles all authorization computing for different providers, and it cannot process refinitiv queries because of this issue.Īre you aware of this issue, and do you plan to fix this at some point ? This is indeed an " Authorization" header, not a This might be fine for code crafted especially to access the refinitiv server, but it won't work for generic code (gateways and/or proxies, etc.). However, when the refinitiv server returns 401, it returns the following header : Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length" ![]() WWW-Authenticate header field containing at least one challenge. ![]() As per section 4.1 of RFC-7235, when an HTTP server returns a 401 response, it must also return a WWW-Authenticate header : A server generating a 401 (Unauthorized) response MUST send a
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |