Basic auth without both username and password #502

Closed
tlsa opened this issue Aug 14, 2018 · 2 comments · May be fixed by #503


tlsa commented Aug 14, 2018

https://httpbin.org/basic-auth/foo/bar works for testing basic auth with a username and a password.

However, all of the following give 404 not found errors:

Is there a way to test these features of basic auth with httpbin?


javabrett commented Aug 15, 2018

httpbin now uses Swagger/OpenAPI for endpoints, and path-positional args are mandatory. It would be possible to allow a test for user=foo, passwd="", but empty username seems more problematic. Do you really need that?

So one option is to create a second endpoint which takes only /user and passwd is then "". Would that do it? Won't allow empty username, but a username of " " could be sent as /basic-auth/%20.

Otherwise I think url-query-string parameters will be required.


tlsa commented Aug 15, 2018

@javabrett Wow, thanks for the quick fix.

How often is httpbin.org updated? https://httpbin.org/basic-auth/foo doesn't currently work for testing with username and no password.

> username seems more problematic. Do you really need that?

My use case is that I develop a web browser (NetSurf), and have just been reworking the handling of basic-auth. So I wanted, for testing purposes, some server that I could control the required access credentials for. I particularly want to test the edge cases, and check that NetSurf behaves the same as mainstream browsers.

https://tools.ietf.org/html/rfc7617#section-2 just says that the user-id string is concatenated with the ':' character and then with the password string. Either or both of the user-id and password string may be the empty string, "". So it would be neat to be able to test that somehow.

I've also asked on our mailing list for users to test, and mentioned httpbin: https://www.mail-archive.com/[email protected]/msg07539.html
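
The RFC 7617 section 2 rule quoted in the thread, as an added example that is not part of the original discussion and is not httpbin's or NetSurf's code: a client-side encoder and server-side parser that accept an empty user-id, an empty password, or both. The function names `encode_basic`, `decode_basic` and `credentials_match` are hypothetical, and the credential pairs are constructed test values.

```python
import base64
import binascii
import hmac


def encode_basic(user_id: str, password: str) -> str:
    """Client side: build the Authorization header value."""
    if ":" in user_id:
        # The first colon ends the user-id, so it cannot contain one.
        raise ValueError("user-id must not contain ':'")
    raw = f"{user_id}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header_value: str):
    """Server side: return (user_id, password), or None if malformed."""
    scheme, _, token = header_value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "basic" or not token:
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if ":" not in text:
        return None  # no separator at all: not valid credentials
    # Split on the FIRST colon only; empty strings on either side are valid.
    user_id, _, password = text.partition(":")
    return user_id, password


def credentials_match(header_value: str, want_user: str, want_pass: str) -> bool:
    """Compare against the expected pair in constant time."""
    got = decode_basic(header_value)
    if got is None:
        return False
    user_ok = hmac.compare_digest(got[0].encode(), want_user.encode())
    pass_ok = hmac.compare_digest(got[1].encode(), want_pass.encode())
    return user_ok and pass_ok


if __name__ == "__main__":
    # Constructed edge cases from the thread: either or both parts empty.
    for user, pw in [("foo", "bar"), ("foo", ""), ("", "bar"), ("", ""), ("foo", "b:ar")]:
        header = encode_basic(user, pw)
        print(repr(user), repr(pw), header, decode_basic(header))
```

A decoded value with no colon at all is rejected rather than treated as a user-id with an empty password, which keeps a missing separator distinct from the valid `foo:` case.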
