On Tue, Jan 28, 2020 at 4:23 PM Daniel Stenberg via curl-library <curl-library@cool.haxx.se> wrote: > > On Tue, 28 Jan 2020, Jung Michel via curl-library wrote: > > > However, if the 401 response contains more than one challenge, like so: > > > > WWW-Authenticate: Negotiate, Basic realm="TM1" > > This is accurate. curl doesn't handle multiple authentications specified on > the same physical line, but will deal with them if they arrive in multiple > headers. This limitation actually affects all HTTP authentication methods, not > just Negotiate. > > Amazingly enough, this is something that is extremely rare in practise in the > wild and therefore has not been much of a problem.
Just for information, I ran into the same problem when trying to add both Basic and Bearer Authorization headers for an OAuth2 request. I actually there also had the problem that --oauth2-bearer actually doesn't work for https. Specifying both a --user client_id:client_secret and a -H "Authorization: Bearer myfirstbearertoken" only sends the latter it seems. Usually you can easily work around these things by manually setting all the headers using the -H flag but it's a bit frustrating. Best, Mischa > > You interested in diving in and work on fixing this? > > -- > > / daniel.haxx.se | Commercial curl support up to 24x7 is available! > | Private help, bug fixes, support, ports, new features > | https://www.wolfssl.com/contact/ > ------------------------------------------------------------------- > Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library > Etiquette: https://curl.haxx.se/mail/etiquette.html ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
