I'm trying to parse Authorization request headers, see https://www.ietf.org/rfc/rfc2617.txt section 3.2.2. There, digest-response is defined as following:
digest-response = 1#( username | realm | nonce | digest-uri
| response | [ algorithm ] | [cnonce] |
[opaque] | [message-qop] |
[nonce-count] | [auth-param] )
The augmented BNF which is used here is defined in http://www.ietf.org/rfc/rfc2068.txt, section 2.1.
If I'm right, a digest-response is (by the above definition) a list of at least one element, each separated by one ore more commas, and optional linear whitespace.
I have some questions regarding the definition of the digest-response:
1) Is the following digest-response valid (if not, why)? username_1, username_2
2) Is the following digest-response valid (if not, why)? username, realm, nonce, digest-uri
3) Is the following digest-response valid (if not, why)? username_1, realm, nonce, digest-uri, response, username_2
4) Ho do the possible productions for 1#(a | b) and 1#(a | [b]) look like, and what is the difference?
Thanks
I would recommend that you read
http://trac.tools.ietf.org/html/draft-ietf-httpauth-digest-07
instead; and if there are questions left then please follow up on the httpauth mailing list.