Authentication

Authentication aims to determine the identity of an entity.

Entity may be user, system, or software.

The basic process relies on the verification of some property of the authenticated entity by the authenticator.

Something that he has.
Something that he knows.
Something that he is.

Base HTTP methods

Makes use of the Authorization header.

The header is passed to applications as well as users.
May require a password to be in clear text.
Presents no configurable user interface.

Basic authentication through direct presentation of credentials.

Authorization: Basic base64(login:password)

Digest authentication.

The server replies with the authentication arguments in the WWW-Authenticate.

Authorization: Digest username="Mufasa",
                realm="testrealm@host.com",
                nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                uri="/dir/index.html",
                qop=auth,
                nc=00000001,
                cnonce="0a4f113b",
                response="6629fae49393a05397450978507c4ef1",
                opaque="5ccc069c403ebaf9f0171e9517f40e41"

PreviousHTTP Communication NextAuthentication Flow State

Last updated 5 months ago