According to RFC 7616, the key 'opaque' is utilized by servers to transport state information for the digest challenge. There is not a requirement that says the value cannot be an empty string.
If a server sends a digest challenge as follows:
WWW-Authenticate: Digest realm="Use service as User Name in order to log in to the respective level",nonce="6afd170437eb5144258b308f7c491d96",opaque="",stale=FALSE,algorithm=MD5,qop="auth"
Then in DigestResponse::Parse in the file AuthenticationHelper.Digest.cs, the .Net Core parser for the challenge will break out without having read the rest of the http digest challenge. As a result, the authentication helper will not user the correct Digest Hash scheme because it failed to read the qop value in the challenge.
According to RFC 7616, the key 'opaque' is utilized by servers to transport state information for the digest challenge. There is not a requirement that says the value cannot be an empty string.
If a server sends a digest challenge as follows:
WWW-Authenticate: Digest realm="Use service as User Name in order to log in to the respective level",nonce="6afd170437eb5144258b308f7c491d96",opaque="",stale=FALSE,algorithm=MD5,qop="auth"Then in DigestResponse::Parse in the file AuthenticationHelper.Digest.cs, the .Net Core parser for the challenge will break out without having read the rest of the http digest challenge. As a result, the authentication helper will not user the correct Digest Hash scheme because it failed to read the qop value in the challenge.