### Copyright Header Example Source: https://github.com/hstern/go-stepup/blob/main/AGENTS.md Every .go file must begin with this copyright header before the package line. ```go // Copyright 2026 The go-stepup Authors // SPDX-License-Identifier: Apache-2.0 ``` -------------------------------- ### Resource server — emit a step-up challenge Source: https://github.com/hstern/go-stepup/blob/main/README.md Emits a step-up challenge in the WWW-Authenticate header. ```go package main import ( "net/http" "github.com/hstern/go-stepup" ) func stepUpRequired(w http.ResponseWriter, _ *http.Request) { ch := &stepup.Challenge{ Realm: "api.example.com", ErrorCode: stepup.ErrorInsufficientUserAuthentication, ErrorDescription: "MFA required for this resource", ACRValues: []string{"urn:mace:incommon:iap:silver"}, } ch.WriteHeader(w.Header()) w.WriteHeader(http.StatusUnauthorized) } ``` -------------------------------- ### Client — parse a step-up challenge from a 401 response Source: https://github.com/hstern/go-stepup/blob/main/README.md Parses WWW-Authenticate header to extract step-up challenges. ```go package main import ( "log" "net/http" "github.com/hstern/go-stepup" ) func handle(resp *http.Response) { challenges, err := stepup.ParseHeader(resp.Header) if err != nil { log.Fatal(err) // malformed WWW-Authenticate header } for _, c := range challenges { log.Printf("step-up required: acr_values=%v max_age=%v", c.ACRValues, c.MaxAge) // Trigger re-authentication at the requested ACR / max_age. } } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.