What types of authentications does HTTP support?


I intend to delve deeper into authentications that are in the context of the HTTP protocol, however, I don't know their types.

Therefore, I would like a brief explanation regarding authentications supported by HTTP and how they work.


Basic: Basic Authentication is the most common authentication system in the HTTP protocol. It is included in the HTTP request header like this:

Authorization: Basic {credenciais em base 64 no formato usuário:senha}

Remember that Base 64 is an encoding scheme, not encryption. Therefore, you MUST use it only with an HTTPS (TLS) connection. The use of Base 64 is due to the MIME standard.

Bearer: Bearer authentication (also known as token authentication) is a Schema for HTTP authentication (RC6750).

Authorization: Bearer <token>

Bearer identifies resources protected by an OAuth2. The must be a string. It represents a Server authorization issued to the client. In turn, the client must have its own mechanisms to identify and validate the Token.

Digest: Digest authentication is an authentication method in which a request from a potential user is received by a network server and then sent to a domain controller. The domain controller sends a special key, called a digest session key, to the server that received the original request. The user must then produce a response, which is encrypted and transmitted to the server. If the user's response is correct, the server grants the user access to the network, website, or requested resources for a single session.

In addition to these main ones, there are also HOBA, Mutual and AWS4-HMAC-SHA256 authentications, which are shown in this link ( https://developer.mozilla.org/pt-BR/docs/Web/HTTP/Authentication ).

Interesting links for more details:
Basic: http://qnimate.com/understanding-http-authentication-in-depth/
Bearer: https://www.brunobrito.net.br/jwt-cookies-oauth-bearer/
Digest: https://searchsecurity.techtarget.com/definition/digest-authentication
AWS4-HMAC-SHA256: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html

Scroll to Top