RFC6750 Java implementation

Java utilities implemented to the RFC6750 specification.


WWW-Authenticate Response Header

RFC2617

Auth Params

  • realm

    RFC2617-1.2 RFC6750: The "realm" is OPTIONAL.
    The "realm" attribute MUST NOT appear more than once.

  • scope

    RFC6749-3.3 RFC6750: The "scope" is OPTIONAL.
    The "scope" attribute MUST NOT appear more than once.


Error state auth-params

RFC6750 states:

If the protected resource request included an access token and failed authentication, the resource server SHOULD include the "error" attribute to provide the client with the reason why the access request was declined.
(Therefore these auth-params are optional.)
The "error", "error_description", and "error_uri" attributes MUST NOT appear more than once.

Other auth-params

The auth-params listed so far are only the ones described in RFC6750. Custom auth-params, or auth-params defined in related RFCs like the ones referenced in this README, are also allowed. Those other auth-params are optional and can occur more than once in the WWW-Authenticate response header, unless the RFC that defines them says otherwise.

Note on auth-param order within the WWW-Authenticate response header

The builder provided in this library imposes an order on the auth-params that are present in the builder at the time of building. That order is the order of appearance in this README, which is the same order in which they are found in RFC6750.
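
The rules above (at most one occurrence of each RFC6750 auth-param, repeatable custom auth-params, fixed output order) can be enforced as in the following added example. It is not this library's code or API: the class `BearerChallengeExample` and its methods are hypothetical, the sample values are constructed, and placing custom auth-params after the RFC6750 ones is an assumption.

```java
import java.util.*;

/** Hypothetical builder written for this example; not this library's API. */
public class BearerChallengeExample {
    // The RFC6750 auth-params, in the order this README lists them.
    private static final List<String> ONCE =
            List.of("realm", "scope", "error", "error_description", "error_uri");
    private final Map<String, String> once = new HashMap<>();
    private final List<String> others = new ArrayList<>();

    public BearerChallengeExample add(String name, String value) {
        // Assumptions of this example: names are caller constants; values holding
        // quotes, backslashes or non-printable-ASCII are rejected, not escaped, so
        // a value cannot close its quoted-string early or start a new header line.
        for (char c : value.toCharArray()) {
            if (c < 0x20 || c > 0x7E || c == '"' || c == '\\') {
                throw new IllegalArgumentException("illegal character in " + name);
            }
        }
        if (!ONCE.contains(name)) {
            others.add(name + "=\"" + value + "\""); // other auth-params may repeat
        } else if (once.putIfAbsent(name, value) != null) {
            throw new IllegalStateException(name + " MUST NOT appear more than once");
        }
        return this;
    }

    public String build() {
        List<String> parts = new ArrayList<>();
        for (String name : ONCE) { // fixed order, whatever order add() was called in
            if (once.containsKey(name)) {
                parts.add(name + "=\"" + once.get(name) + "\"");
            }
        }
        parts.addAll(others); // assumption: custom params follow, in insertion order
        return parts.isEmpty() ? "Bearer" : "Bearer " + String.join(", ", parts);
    }

    public static void main(String[] args) {
        BearerChallengeExample b = new BearerChallengeExample()
                .add("error", "invalid_token") // constructed sample values
                .add("realm", "example")
                .add("error_description", "The access token expired");
        System.out.println("WWW-Authenticate: " + b.build());
        try {
            b.add("error", "invalid_request"); // second "error" is refused
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```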