Why should you base64 encode the Authorization header?

后端 未结 4 639
轻奢々
轻奢々 2021-02-08 13:56

Twitter\'s API requires sending an Authorization header that is a base64 encoding of an API key concatenated with an API secret key. In Node, I use:

var base64 =         


        
4条回答
  •  不知归路
    2021-02-08 14:59

    Eventhough I can't find it in the w3 documentation, I believe that it is just protocol to encode the credentials of the Authorization header to base64, no matter what content it has. In the case of Twitter it doesn't make much difference as you said, but in other cases the credentials can contain these characters. To keep it uniform and prevent mistakes of whether it should be encoded or not, all credentials should be encoded.

    Another reason could be, that browsers also encode the credentials the same way. Twitter probably also wants to accept that.

提交回复
热议问题