All supported HTTP auth methods use both username and password, so assume a password of "" if none is given