What are the valid characters in http Authorization header
RFC 2616, 14.8 Authorization:
Authorization = "Authorization" ":" credentialsRFC 2616, 11 Access Authentication:
This specification adopts the definitions of [..]
"credentials"from [RFC 2617].RFC 2617, 1.2 1.2 Access Authentication Framework:
credentials = auth-scheme #auth-param auth-scheme = token auth-param = token "=" ( token | quoted-string )RFC 2617, 2 Basic Authentication Scheme
For Basic, the framework above is utilized as follows: credentials = "Basic" basic-credentials
So after the fixed Authorization: part, you can use:
token, followed by an optional"=" (token | quoted-string)(see page 16 of RFC 2616) when using Digest or any other unspecified authentication scheme, or"Basic" basic-credentialswhen using Basic authentication, wherebasic-credentialsare base64-encoded according to RFC 2045.
I guess though that you're actually trying to ask a different question. Do you have any trouble regarding implementing a specific authorization mechanism? In what language are you trying to implement that, what code do you currently have and what is the problem?
Don't worry about the soon-to-be-obsoleted specs and look here: http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-24.html##challenge.and.response
Valid characters in an Authorization token
The specifications are really hard to read, but as I understand them a token can contain any of the following ASCII characters:
Char Dec Col/Row Oct Hex Name and Description
(!) 33 02/01 41 21 EXCLAMATION MARK
(#) 35 02/03 43 23 NUMBER SIGN
($) 36 02/04 44 24 DOLLAR SIGN
(%) 37 02/05 45 25 PERCENT SIGN
(&) 38 02/06 46 26 AMPERSAND
(') 39 02/07 47 27 APOSTROPHE
(*) 42 02/10 52 2A ASTERISK
(+) 43 02/11 53 2B PLUS SIGN
(-) 45 02/13 55 2D HYPHEN, MINUS SIGN
(.) 46 02/14 56 2E PERIOD, FULL STOP
(0) 48 03/00 60 30 DIGIT ZERO
(1) 49 03/01 61 31 DIGIT ONE
(2) 50 03/02 62 32 DIGIT TWO
(3) 51 03/03 63 33 DIGIT THREE
(4) 52 03/04 64 34 DIGIT FOUR
(5) 53 03/05 65 35 DIGIT FIVE
(6) 54 03/06 66 36 DIGIT SIX
(7) 55 03/07 67 37 DIGIT SEVEN
(8) 56 03/08 70 38 DIGIT EIGHT
(9) 57 03/09 71 39 DIGIT NINE
(A) 65 04/01 101 41 CAPITAL LETTER A
(B) 66 04/02 102 42 CAPITAL LETTER B
(C) 67 04/03 103 43 CAPITAL LETTER C
(D) 68 04/04 104 44 CAPITAL LETTER D
(E) 69 04/05 105 45 CAPITAL LETTER E
(F) 70 04/06 106 46 CAPITAL LETTER F
(G) 71 04/07 107 47 CAPITAL LETTER G
(H) 72 04/08 110 48 CAPITAL LETTER H
(I) 73 04/09 111 49 CAPITAL LETTER I
(J) 74 04/10 112 4A CAPITAL LETTER J
(K) 75 04/11 113 4B CAPITAL LETTER K
(L) 76 04/12 114 4C CAPITAL LETTER L
(M) 77 04/13 115 4D CAPITAL LETTER M
(N) 78 04/14 116 4E CAPITAL LETTER N
(O) 79 04/15 117 4F CAPITAL LETTER O
(P) 80 05/00 120 50 CAPITAL LETTER P
(Q) 81 05/01 121 51 CAPITAL LETTER Q
(R) 82 05/02 122 52 CAPITAL LETTER R
(S) 83 05/03 123 53 CAPITAL LETTER S
(T) 84 05/04 124 54 CAPITAL LETTER T
(U) 85 05/05 125 55 CAPITAL LETTER U
(V) 86 05/06 126 56 CAPITAL LETTER V
(W) 87 05/07 127 57 CAPITAL LETTER W
(X) 88 05/08 130 58 CAPITAL LETTER X
(Y) 89 05/09 131 59 CAPITAL LETTER Y
(Z) 90 05/10 132 5A CAPITAL LETTER Z
(^) 94 05/14 136 5E CIRCUMFLEX ACCENT
(_) 95 05/15 137 5F LOW LINE, UNDERLINE
(`) 96 06/00 140 60 GRAVE ACCENT
(a) 97 06/01 141 61 SMALL LETTER a
(b) 98 06/02 142 62 SMALL LETTER b
(c) 99 06/03 143 63 SMALL LETTER c
(d) 100 06/04 144 64 SMALL LETTER d
(e) 101 06/05 145 65 SMALL LETTER e
(f) 102 06/06 146 66 SMALL LETTER f
(g) 103 06/07 147 67 SMALL LETTER g
(h) 104 06/08 150 68 SMALL LETTER h
(i) 105 06/09 151 69 SMALL LETTER i
(j) 106 06/10 152 6A SMALL LETTER j
(k) 107 06/11 153 6B SMALL LETTER k
(l) 108 06/12 154 6C SMALL LETTER l
(m) 109 06/13 155 6D SMALL LETTER m
(n) 110 06/14 156 6E SMALL LETTER n
(o) 111 06/15 157 6F SMALL LETTER o
(p) 112 07/00 160 70 SMALL LETTER p
(q) 113 07/01 161 71 SMALL LETTER q
(r) 114 07/02 162 72 SMALL LETTER r
(s) 115 07/03 163 73 SMALL LETTER s
(t) 116 07/04 164 74 SMALL LETTER t
(u) 117 07/05 165 75 SMALL LETTER u
(v) 118 07/06 166 76 SMALL LETTER v
(w) 119 07/07 167 77 SMALL LETTER w
(x) 120 07/08 170 78 SMALL LETTER x
(y) 121 07/09 171 79 SMALL LETTER y
(z) 122 07/10 172 7A SMALL LETTER z
(|) 124 07/12 174 7C VERTICAL LINE, VERTICAL BAR
(~) 126 07/14 176 7E TILDE
The following can also be included but they must be in a quoted string:
Char Dec Col/Row Oct Hex Name and Description
9 00/09 11 09 HT (Ctrl-I) HORIZONTAL TAB
10 00/10 12 0A LF (Ctrl-J) LINE FEED
13 00/13 15 0D CR (Ctrl-M) CARRIAGE RETURN
( ) 32 02/00 40 20 SPACE
(") 34 02/02 42 22 QUOTATION MARK
(() 40 02/08 50 28 LEFT PARENTHESIS
()) 41 02/09 51 29 RIGHT PARENTHESIS
(,) 44 02/12 54 2C COMMA
(/) 47 02/15 57 2F SOLIDUS, SLASH
(:) 58 03/10 72 3A COLON
(;) 59 03/11 73 3B SEMICOLON
(<) 60 03/12 74 3C LESS-THAN SIGN, LEFT ANGLE BRACKET
(=) 61 03/13 75 3D EQUALS SIGN
(>) 62 03/14 76 3E GREATER-THAN SIGN, RIGHT ANGLE BRACKET
(?) 63 03/15 77 3F QUESTION MARK
(@) 64 04/00 100 40 COMMERCIAL AT SIGN
([) 91 05/11 133 5B LEFT SQUARE BRACKET
(\) 92 05/12 134 5C REVERSE SOLIDUS (BACKSLASH)
(]) 93 05/13 135 5D RIGHT SQUARE BRACKET
({) 123 07/11 173 7B LEFT CURLY BRACKET, LEFT BRACE
(}) 125 07/13 175 7D RIGHT CURLY BRACKET, RIGHT BRACE
Columns and formatting taken from here.
Specs
Here are the Docs:
Many HTTP/1.1 header field values consist of words separated by LWS [Carriage Return, Line Feed, Space, Horizontal Tab] or special characters. These special characters MUST be in a quoted string to be used within a parameter value (as defined in section 3.6).
token = 1*<any CHAR except CTLs or separators> separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT
Notes
- Base64 and Base64Url are subsets of the above character set, so if in doubt you can always encode your Authentication header with one of them.
- Thanks to @CodeCaster for pointing me in the right direction.