What types of authentications are supported by HTTP?

5

I intend to delve deeper into the authentication methods used in the context of the HTTP protocol; however, I don't know their types.

Therefore, I would like a brief explanation regarding the authentications supported by HTTP and how they work.

1 answer

5


Basic: Basic Authentication is the most common authentication system of the HTTP protocol. It is included in the HTTP request header in this way:

Authorization: Basic {Base64 credentials in the format user:password}

Remember that Base 64 is an encoding scheme and not an encryption scheme. Therefore, you MUST use it only with an HTTPS (TLS) connection. The use of Base 64 is due to the MIME standard.

Bearer: Bearer Authentication (also known as token authentication) is a scheme for HTTP authentication (RFC 6750).

Authorization: Bearer <token>

Bearer identifies resources protected by OAuth2. It must be a string. It represents a server authorization issued to the client. In turn, the client must have its own mechanisms to identify and validate the token.

Digest: Digest authentication is an authentication method in which a request from a potential user is received by a network server and then sent to a domain controller. The domain controller sends a special key, called the Digest session key, to the server that received the original request. The user must then produce a response, which is encrypted and transmitted to the server. If the user’s response is correct, the server grants the user access to the network, the website or the resources requested for a single session.

In addition to these, there are also HOBA, Mutual and AWS4-HMAC-SHA256 authentications, which are shown on this link (https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication).

Interesting links for more details:
Basic: http://qnimate.com/understanding-http-authentication-in-depth/
Bearer: https://www.brunobrito.net.br/jwt-cookies-oauth-bearer/
Digest: https://searchsecurity.techtarget.com/definition/digest-authentication
Mutual: https://onlinehelp.tableau.com/current/server/en-us/ssl_mutual_about.htm
AWS4-HMAC-SHA256: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
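
As an added example (not part of the original answer), this is a server-side sketch of handling the `Authorization: Basic` header described above: it shows that the Base64 step is reversed without any key, and that the request is rejected when it did not arrive over TLS. The `USERS` store, the `is_tls` flag and all function names are assumptions made for this illustration.

```python
import base64
import binascii
import hmac

# Constructed sample credential store; a real service stores password hashes.
USERS = {"alice": "s3cret:with:colons"}


def parse_authorization(header):
    """Split an Authorization header value into (scheme, credentials)."""
    scheme, _, rest = header.strip().partition(" ")
    if not scheme or not rest.strip():
        raise ValueError("malformed Authorization header")
    return scheme.lower(), rest.strip()


def decode_basic(credentials):
    """Reverse the Base64 step of Basic: no key is needed, so it is not secret."""
    try:
        raw = base64.b64decode(credentials, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("invalid Basic credentials") from exc
    user, sep, password = raw.partition(":")  # only the first colon separates
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def authenticate(header, is_tls):
    """Return the authenticated user name, or None if the request is rejected."""
    try:
        scheme, credentials = parse_authorization(header)
        if scheme != "basic" or not is_tls:  # never accept Basic over plain HTTP
            return None
        user, password = decode_basic(credentials)
    except ValueError:
        return None
    expected = USERS.get(user)
    # Compare in constant time; compare against a dummy when the user is unknown.
    ok = hmac.compare_digest(password.encode(), (expected or "\0").encode())
    return user if ok and expected is not None else None


def basic_header(user, password):
    """Build the header value a client would send (constructed for the demo)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return f"Basic {token}"
```

Anyone who can read the header can run the equivalent of `decode_basic` on it, which is why the scheme depends on TLS for confidentiality.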
