From b60fb18a3377fe953e691d81578f62e49c0a0d10 Mon Sep 17 00:00:00 2001
From: Martin Kreichgauer
Date: Thu, 1 Aug 2013 13:48:12 +0200
Subject: [PATCH] Make TokenAuthentication RFC2617 compliant
RFC2617[0] requires that the scheme in the WWW-Authenticate header is `followed by a comma-separated list of attribute-value pairs which carry the parameters necessary for achieving authentication via that scheme.`. That list must not be empty: `challenge = auth-scheme 1*SP 1#auth-param`. [0] http://tools.ietf.org/html/rfc2617#section-1.2
---
 rest_framework/authentication.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index cf001a24d..b7abd977e 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -142,6 +142,7 @@ class TokenAuthentication(BaseAuthentication):
 """
 model = Token
+ www_authenticate_realm = 'api'
 """
 A custom token model may be used, but must have the following properties.
@@ -176,7 +177,7 @@ class TokenAuthentication(BaseAuthentication):
 return (token.user, token)
 def authenticate_header(self, request):
- return 'Token'
+ return 'Token realm="%s"' % self.www_authenticate_realm
 class OAuthAuthentication(BaseAuthentication):
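Review bot: The new `www_authenticate_realm = 'api'` attribute is inserted between `model = Token` and the string block that documents the custom token model, so that block now reads as if it described the realm. Placing the attribute above `model = Token`, or after the string block (which continues outside the hunk), keeps the model documentation attached to `model`. A one-line comment would also help subclass authors: `# Realm sent in the WWW-Authenticate challenge; override in a subclass to change it.`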
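Review bot: `authenticate_header` formats the realm into a quoted-string without escaping, so a subclass that sets `www_authenticate_realm` to a value containing `"` or `\` would emit a malformed challenge that clients may parse inconsistently. The value is a class attribute rather than request data, so the exposure is limited to configuration, but escaping keeps the header well-formed: `realm = self.www_authenticate_realm.replace('\\', '\\\\').replace('"', '\\"')` followed by `return 'Token realm="%s"' % realm`. The diffstat lists only authentication.py, so a test asserting the exact `WWW-Authenticate` value on an unauthenticated request would pin the new format.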