Skip to content

feat: handle merged WWW-Authenticate challenges#170

Open
stevencartavia wants to merge 2 commits intotempoxyz:mainfrom
stevencartavia:multi-method-402
Open

feat: handle merged WWW-Authenticate challenges#170
stevencartavia wants to merge 2 commits intotempoxyz:mainfrom
stevencartavia:multi-method-402

Conversation

@stevencartavia
Copy link
Copy Markdown
Contributor

@stevencartavia stevencartavia commented Mar 26, 2026

Support 402 responses with multiple payment challenges across one or more WWW-Authenticate headers.

brendanjryan
brendanjryan requested changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@brendanjryan brendanjryan left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! One comment re: compatability of splitting

--

The splitter only ends a Payment challenge when it finds the next Payment.

This breaks valid headers where Payment is followed by another scheme:

Payment id="a", realm="api", method="tempo", intent="charge", request="e30", Basic realm="login"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendanjryan brendanjryan brendanjryan approved these changes

@mattsse mattsse Awaiting requested review from mattsse mattsse is a code owner

@onbjerg onbjerg Awaiting requested review from onbjerg onbjerg is a code owner

@Slokh Slokh Awaiting requested review from Slokh Slokh is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stevencartavia @brendanjryan