Provide parse-credentials function to parse Authorization or WWW-Authenticate headers

Modify the existing `parse-authorization` function to take the
`Authorization` header value as input and make it public.

According to RFC 7235 Section 2 and RFC 9110 Section 11, the value
`credentials` of the `Authorization` HTTP request header has the same
structure as each of the comma-separated `challenge`s of the
`WWW-Authenticate` HTTP response header, which allows to reuse this
function also for parsing responses:
  * https://datatracker.ietf.org/doc/html/rfc7235#section-2
  * https://datatracker.ietf.org/doc/html/rfc9110#section-11

Author: devurandom

src/ring/middleware/authorization.clj

@@ -16,10 +16,14 @@
           {}
           (str/split auth-params #"\s*,\s*")))
 
-(defn- parse-authorization [request]
+(defn- parse-credentials
+  "Parse `credentials` as used in the `Authorization` header of an HTTP request.
+
+  Note: The `WWW-Authenticate` header of an HTTP response contains a comma-separated list of `challenge`s,
+  which each happen to have the same structure as the single `credentials` in the `Authorization` header."
+  [credentials]
   (when-let [[auth-scheme token-or-params]
-             (some-> (get-in request [:headers "authorization"])
-                     (str/split #"\s" 2))]
+             (some-> credentials (str/split #"\s" 2))]
     (cond
       (empty? token-or-params)
       {:scheme (str/lower-case auth-scheme)}
@@ -37,7 +41,7 @@
   [request]
   (if (:authorization request)
     request
-    (assoc request :authorization (parse-authorization request))))
+    (assoc request :authorization (parse-credentials (get-in request [:headers "authorization"])))))
 
 (defn wrap-authorization
   "Parses the Authorization header in the request map, then assocs the result