Summary
The authentication credentials, token cache, and credential-stamping policies are implemented. The remaining part of the auth design is RFC 7235 challenge handling — responding to a server 401/407 with a WWW-Authenticate/Proxy-Authenticate challenge.
Scope
AuthenticationChallenge.Parse — parse WWW-Authenticate / Proxy-Authenticate headers (scheme + parameters + token68), supporting multiple challenges.ChallengeHandler (abstract) + BasicChallengeHandler (RFC 7617) + CompositeChallengeHandler (selects a handler for a challenge set).- Wire
BearerTokenAuthPolicy to re-acquire once on a 401 carrying a challenge.
Notes
Summary
The authentication credentials, token cache, and credential-stamping policies are implemented. The remaining part of the auth design is RFC 7235 challenge handling — responding to a server
401/407with aWWW-Authenticate/Proxy-Authenticatechallenge.Scope
AuthenticationChallenge.Parse— parseWWW-Authenticate/Proxy-Authenticateheaders (scheme + parameters + token68), supporting multiple challenges.ChallengeHandler(abstract) +BasicChallengeHandler(RFC 7617) +CompositeChallengeHandler(selects a handler for a challenge set).BearerTokenAuthPolicyto re-acquire once on a401carrying a challenge.Notes
docs/superpowers/specs/2026-06-14-auth-slice-design.md§6).