Overview#Authorization Header HTTP Request Header contains the credentials to authenticate a user-agent with a server, usually after the server has responded with a HTTP 401 Unauthorized and the WWW-Authenticate HTTP Response Header.
Basic Authentication Scheme implementation is the simplest technique for enforcing Access Controls to web resources because it doesn't require cookies, session identifier and login pages. Rather, Basic Authentication Scheme uses static, standard HTTP Header Fields which means that no handshakes have to be done in anticipation.user-agent to authenticate itself towards the server, it must respond appropriately to unauthenticated requests.
WWW-Authenticate: Basic realm="nmrs_m7VKmomQ2YM3:"
The authorization method and a space i.e. "Basic " is then put before the encoded string.
For example, if the user agent uses 'Aladdin' as the username and 'open sesame' as the password then the field is formed as follows:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
More Information#There might be more information for this subject on one of the following:
- Authorization Server
- Basic Authentication Scheme
- Channel Binding
- JWT Authentication
- Resource Owner Password Credentials Grant
- Token Introspection Endpoint
- UserInfo Request