Basic authentication: Difference between revisions

From Barion Documentation

Revision as of 12:44, 3 December 2019

Basic Authentication

A client that wants to authenticate itself with the server can do so by including an Authorization request header field with its credentials. With "Basic" authentication, the exchange must happen over an HTTPS (TLS) connection, because base64 is an encoding, not encryption. The username and password are joined with a ":" separator and passed over the network as a base64-encoded string. The following is a correct example of the Authorization header:

Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

If the "Authorization" header is present, the username and password are taken from the header and any credentials passed in the querystring are ignored. If the authentication is unsuccessful (the username and/or password could not be decoded from the header, or the authentication type is not Basic), the response is HTTP 401 (Unauthorized). An invalid username/password yields an HTTP 400 (Bad Request) response. If the "Authorization" header is not present, the credentials are retrieved from the querystring.
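
The precedence and status codes described above, as an added example that is not Barion's own code. The `resolve_credentials` function, its `query_credentials` parameter (the page does not name the querystring fields), the sample user table and the 401 for a request with no credentials at all are assumptions made for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample account for the demo; not a real credential store.
_USERS = {"aladdin": "opensesame"}


def resolve_credentials(headers, query_credentials=None):
    """Return (http_status, username) using the precedence on this page.

    headers: dict of request headers.
    query_credentials: (username, password) already extracted from the
    querystring, or None (hypothetical parameter).
    """
    auth = next((v for k, v in headers.items()
                 if k.lower() == "authorization"), None)
    if auth is not None:
        # Header present: querystring credentials are ignored entirely.
        scheme, _, token = auth.strip().partition(" ")
        if scheme.lower() != "basic":
            return 401, None  # authentication type is not Basic
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return 401, None  # credentials could not be decoded
        # Split on the first ":" only, so a password may contain ":".
        username, sep, password = decoded.partition(":")
        if not sep:
            return 401, None
    elif query_credentials is not None:
        username, password = query_credentials
    else:
        return 401, None  # assumption: the page does not cover this case
    expected = _USERS.get(username)
    # Constant-time comparison avoids leaking how much of the password matched.
    ok = expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())
    return (200, username) if ok else (400, None)
```
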